Microsoft Cost Details API now generally available for EA and MCA customers

The Cost Details API is now generally available for use by Enterprise Agreement (EA) and Microsoft Customer Agreement (MCA) customers. This API provides on-demand download of the granular cost details (formerly referred to as usage details) associated with your Microsoft charges. The API replaces all existing Usage Details APIs and provides data for charges in your invoice. For customers with an MCA agreement this includes Microsoft 365, Dynamics 365, Power Platform, and Azure charges. This API is the go-to solution, along with Exports, for ingesting the raw cost data needed to build any custom reporting solution. To learn more about how to call the Cost Details API, please see our documentation on how to get small cost datasets on demand.

Customers that are not using Exports or the Cost Details API should migrate to one of these solutions moving forward. To learn more about which solution is best for your scenario, see our picking a cost details solution best practices.

Benefits of the new solutions

Both the Cost Details API and Exports provide extensive benefits on top of existing solutions today.

Security and stability—New solutions require Service Principal and/or user tokens in order to access data. For EA customers, keys used in the EA Reporting APIs are valid for six months. Going forward it is recommended to use token-based solutions through Service Principal or User authentication, consistent with Azure REST APIs.
Scalability—The EA Reporting APIs (available only for EA customers) and the Consumption Usage Details (available for both EA and MCA customers) aren't built to scale well as your Microsoft and Azure costs increase. The number of Azure cost records in your cost details dataset can get exceedingly large as you deploy more resources into the cloud. The new solutions are asynchronous and have extensive infrastructure enhancements behind them to ensure successful downloads for any size dataset.
Single dataset for all usage details—For EA customers, the existing EA Reporting APIs have separate endpoints for Azure usage charges versus Azure Marketplace charges. These datasets have been merged in the new solutions. A single dataset reduces the number of APIs that you need to call to see all your charges.
Purchase amortization—Customers who purchase Reservations can see an amortized view of their costs using the new solutions. You can request for amortized or actual cost datasets as part of report configuration. Learn more about using amortized cost details datasets.
Schema consistency—The Cost Details API and Exports provide files with matching fields. This allows you to easily move between solutions based on your scenario. Learn more about the fields available and understand cost details data fields.
Cost allocation integration—EA and MCA customers can use the new solutions to view charges in relation to the cost allocation rules that have been configured. Learn more about creating and managing Azure cost allocation rules.
Go forward improvements—The new solutions are being actively developed moving forward. They'll receive all new features as they're released.

Migrating to the new solutions

The EA Reporting APIs and the Consumption Usage Details API are no longer actively being developed. We strongly recommend migrating off these APIs as soon as possible. A retirement announcement will be made in the future with formal timelines for when the APIs will be turned off. However, the APIs will be fully supported from a reliability standpoint until the formal retirement date is reached.

When assessing the migration off existing usage details solutions, please use the documents below as a reference point:

Migrate from the Enterprise Reporting Usage Details API
Migrate from the Consumption Usage Details API

Please note that pay-as-you-go, MSDN, and Visual Studio customers who are not a part of either an Enterprise Agreement (EA) or Microsoft Customer Agreement (MCA) should continue using the Consumption Usage Details API.

Next steps

Learn more about automation with our Cost Management automation overview.
Assign permissions to SPN to call the APIs.
Understand the basics of how to work with cost details data.
Pick the cost details solution that is right for you.
Get small cost datasets on demand with the Cost Details API.

Follow us on Twitter @MSCostMgmt for more exciting Cost Management updates.
Quelle: Azure

Migrate and modernize with Azure to power innovation across the entire digital estate

Cloud adoption increased significantly during COVID-19 and continues for many companies. However, an enormous migration and modernization opportunity remains as organizations continue their digital transformation. In fact, 72 percent of organizations reported their industry’s pace of digital transformation accelerated because of COVID-19, according to a survey sponsored by Microsoft in The Economist1. And we don’t expect that to slow down anytime soon.

We are hearing key themes from our customers that reinforce this, including:

Cloud has become the catalyst for innovation. Customers are moving beyond operational efficiency to create new products and offerings, leveraging the unique capabilities of cloud to differentiate themselves.
Customers are not just looking for technology, they’re looking for a trusted partner. They need an expert to help them navigate these tough issues as they move toward hybrid, multi-cloud, and edge environments, facing new complexities and opportunities.
Security, data privacy, and compliance are top of mind for customers in every industry as cyberattacks continue to rise2.

These areas are opportunities for us to strengthen our partnerships and help our mutual customers realize their greatest potential. This is why we are focusing on three key areas of growth for Azure at Microsoft Inspire:

Innovation with new cloud-native experiences.
Modernization of app and data estates.
Migration and modernization of infrastructure and mission-critical workloads.

This week, we are announcing new Microsoft Azure capabilities to help partners increase return on investments, grow leads, and shorten sales cycles. This includes updates to our Azure Migration and Modernization Program (AMMP) and announcing the ISV Success Program.

Read on for more details on our latest developments and each of the opportunity areas to see how we can deliver the greatest value to our customers. Our Azure keynote session is also a great resource to learn more.

Key investments to help partners achieve success

Azure Migration and Modernization Program

We now have more than 500 partners enrolled in the Azure Migration and Modernization Program (AMMP) across apps, data, and infrastructure. AMMP is our hero program to help simplify and accelerate migration and modernization, with the right mix of incentives, best practice guidance, tools, and expert help. AMMP has powered deeper go-to-market connections with partners—and our goal is to ensure every migration and modernization opportunity has a partner attached to it. Partners are at the center of how we execute with customers.

We’re making substantive investments and updates to AMMP to help drive scale and velocity of migrations:

Up to 2.5 times larger incentives for Windows Server and SQL Server migrations. 
Empowerment for Microsoft sales organizations to locally allocate incentives for their areas, providing more opportunity for partners to engage and feed into local plans.
Updated best practice guidance with the Cloud Adoption Framework for Azure and Azure Well Architected Framework (WAF).
New modernization capabilities in Azure Migrate, including the option for ISVs to integrate their own IP.

Now more than ever, we need partners’ help to scale our customers’ migration and modernization journeys. Sign up or nominate customers for the AMMP.

ISV Success Program

As the cloud becomes the fabric of every business, across every industry, customers need more complete solutions to support their growth and innovation. This creates tremendous opportunity as the demand for software as a service (SaaS) and "anything as a service solutions continue to increase. To help unlock opportunities for software providers we are excited to announce new benefits with the ISV Success Program to help ISVs innovate rapidly, build well architected applications, publish them to our commercial marketplace, and grow their sales. Currently in preview, and broadly available in fall 2022, the program is intended to be the pathway to ISV success in the Microsoft Cloud Partner Program.

Software providers can take advantage of this new program to build across the Microsoft Cloud and get access to cloud sandboxes, developer tooling, technical and business resources, and a dedicated community.

Innovate with new cloud-native experiences

Organizations across industries are looking to deliver highly personalized experiences to their end customers. Cloud-native applications can help meet these needs. For example, Microsoft Azure has helped retailers like Walgreens gain immediate access to rich transactional data and insights, enabling faster decisions and better customer experiences. According to IDC3, 750 million new logical applications will be built by 2025. This is why so many ISVs and enterprises are turning to Azure for their cloud-native applications. Partners can help customers build cloud apps using scalable containerized architectures combined with globally scalable databases infused with intelligence through AI.

Modernize application and data estates

Modernization of applications and data represents a huge partner opportunity where one project will lead to the next. In fact, 59 percent of organizations see modernizing apps to the cloud as a top initiative4. According to Microsoft estimates, the opportunity for data exceeds $42 billion today, and will grow to $85 billion by fiscal year 2025. Our goal is to help partners close deals to modernize the application and data estates even faster. We’ve made this even more seamless with our newly released Microsoft Intelligent Data Platform. This end-to-end ecosystem integrates databases, analytics, and governance across the customer estate—enabling organizations to adapt in real-time, add layers of intelligence to their applications, unlock fast and predictive insights, and govern their data—wherever it resides.

No matter where our customers are in their modernization journey, Azure offers flexibility between control over managing infrastructure and the level of productivity desired. Partner advisory services and technical expertise is extremely valuable in this estate-level opportunity.

Migrate and modernize infrastructure and mission-critical workloads

Our customers often face time-sensitive decisions with datacenter contract renewals or software end-of-support. As a result, many customers are looking to shift large parts of their IT spend to the cloud with infrastructure as a service (IaaS) seeing the biggest increase. 

This year also brings timely migration opportunities for Windows Server and SQL Server. It’s a great time for partners to advise customers using SQL Server 2012 and Windows Server 2012/2012 R2 about End of Support (EOS) timelines and help them take action to stay secure. It’s also an opportunity to talk with customers about their cloud migration and modernization plans. We offer the best value at every stage of cloud migration. To share just two examples, it’s up to 80 percent less expensive to run Windows Server VMs and Azure SQL Managed Instance on Azure than it is with our main competitor.  And it’s not just about costs—we offer unique capabilities like Azure Automanage to simplify VM management and the broadest SQL Server compatibility to ease the move.

Read more about the top workloads with the largest migration opportunity as a key growth and revenue driver this coming year with announcement details, including:

Azure Confidential Computing capabilities, now generally available, allow partners to transition to Azure workloads that handle sensitive data with additional levels of protection.
Azure Center for SAP solutions, now in preview, is an end-to-end solution to deploy and manage SAP workloads on Azure, enabling customers and partners to create and run an SAP system as a unified workload, and providing a more seamless foundation for innovation on the Microsoft Cloud.
A new Azure Arc Boost Program, in partnership with Intel, will drive the deployment of Azure Arc and Azure Stack HCI in customer hybrid environments through our Systems Integrator partner ecosystem.
Our most recent release of Azure Stack HCI, in preview, delivers more customer value and partner opportunity with new features by providing increased value on investment, shortened time to value, and improved support experience for Azure Stack HCI.

Get started at Microsoft Inspire

With so much opportunity ahead, where should you get started? Be sure to tune into the keynote and the Azure sessions linked below to hear from partners about how they’re already growing their business through Microsoft Cloud and Azure. Partners can bring tailored industry expertise and solutions to complement the innovation that Azure delivers. Together with our amazing partner community, we are creating opportunities with the most trusted cloud to empower customers to transform today, tomorrow, and build for the future.

Azure sessions

Power innovation across the digital estate
Grow revenue by accelerating customer adoption of Azure infrastructure
New SAP on Azure solutions and GTM offers to accelerate your business
Winning the data estate with Microsoft Intelligent Data Platform
Drive digital and application innovation with Microsoft Azure
Addressing sovereign requirements with Microsoft Cloud
SQL Server 2022: the most Azure-connected SQL Server release ever
Move your Azure hybrid business forward with Azure Arc
Enhance your customers' network security and drive business growth on
Latest Azure Confidential Computing innovations – generally available
How to make money migrating with Azure VMware Solution
Onboard as a HPC partner
Azure migration and modernization – Tools & Programs
Bring AI to Every App, Process and employee with Azure AI
Building industry sustainability solutions together with our partners
Innovate with cloud-scale apps, data, and AI
Winning the toughest analytics workloads on Azure
Advancing enterprise Linux application modernization on Azure
New opportunities to grow your practice with Azure Virtual Desktop

Sources: 

1The transformation imperative: Digital drivers in the covid-19 pandemic, The Economist

2Microsoft Digital Defense Report

3750 Million New Logical Applications: More Background, IDC

4Flexera Releases 2021 State of the Cloud Report Press Release, flexera.com

 
Quelle: Azure

Azure Premium SSD v2 Disk Storage in preview

We are excited to announce the preview of Premium SSD v2, the next generation of Microsoft Azure Premium SSD Disk Storage. This new disk offering provides the most advanced block storage solution designed for a broad range of input/output (IO)-intensive enterprise production workloads that require sub-millisecond disk latencies as well as high input/output operations per second (IOPS) and throughput—at a low cost. With Premium SSD v2, you can now provision up to 64TiBs of storage capacity, 80,000 IOPS, and 1,200 MBPS throughput on a single disk. With best-in-class IOPS and bandwidth, Premium SSD v2 provides the most flexible and scalable general-purpose block storage in the cloud, enabling you to meet the ever-growing demands of your production workloads such as—SQL Server, Oracle, MariaDB, SAP, Cassandra, Mongo DB, big data, analytics, gaming, on virtual machines, or stateful containers. Moreover, with Premium SSD v2, you can provision granular disk sizes, IOPS, and throughput independently based on your workload needs, providing you more flexibility in managing performance and costs.

With the launch of Premium SSD v2, our Azure Disk Storage portfolio now includes one of the most comprehensive sets of disk storage offerings to satisfy workloads ranging from Tier-1 IOPS intensive workloads such as SAP HANA to general purpose workloads such as RDMS and NoSQL databases and cost-sensitive Dev/Test workloads.

Benefits of Premium SSD v2

As customers transition their production workloads to the cloud or deploy new cloud-native applications, balancing performance and cost is top of mind. For example, transaction-intensive database workloads may require high IOPS on a small disk size or a gaming application may need very high IOPS during peak hours. Similarly, big data applications like Cloudera/Hadoop may require very high throughput at a low cost. Hence, customers need the flexibility to scale their IOPS and throughput independent of the disk size. With Premium SSD v2, you can customize disk performance to precisely meet your workload requirements or seasonal demands, without the need to provision additional storage capacity.

Premium SSD v2 also enables you to provision storage capacity ranging from 1 GiB up to 64 TiB with GiB increments. All Premium SSD v2 disks provide a baseline performance of 3,000 IOPS and 125 MB/sec. If your disk requires higher performance, you can provision the required IOPS and throughput at a low cost, up to the max limits shown below. You can dynamically scale up or scale down the IOPS and throughput as needed without downtime, allowing you to manage disk performance cost-effectively while avoiding the maintenance overhead of striping multiple disks to achieve more performance. Summarizing the key benefits:

Granular disk size in 1 GiB increments.
Independent provisioning of IOPS, throughput, and GiB.
Consistent sub-millisecond latency.
Easier maintenance with scaling performance up and down without downtime.

Premium SSD v2, like all other Azure Disk Storage offerings, will provide our industry-leading data durability and high availability at general availability.

Following is a summary comparing Premium SSD v2 with the current Premium SSD and Ultra Disk.

 

Ultra Disk

Premium SSD v2

Premium SSD

Disk Size

4 GiB – 64 TiB

1 GiB – 64 TiB

4 GiB – 32 TiB

Baseline IOPS

Varies by disk size

3,000 IOPS free

Varies by disk size

Baseline throughput

Varies by disk size

125 MBPS free

Varies by disk size

Peak IOPS

160,000 IOPS

80,000 IOPS

20,000 IOPS

Peak Throughput

4,000 MBPS

1,200 MBPS

900 MBPS

Durability

99.999999999% durability

(~0% annual failure rate)

99.999999999% durability

(~0% annual failure rate)

99.999999999% durability

(~0% annual failure rate)

Supported Azure Virtual Machines

Premium SSD v2 can be used with any premium storage-enabled virtual machines sizes enabling you to leverage a diverse set of virtual machine sizes. Currently, Premium SSD v2 can only be used as data disks. Premium SSDs and Standard SSDs can be used as OS disks for virtual machines using Premium SSD v2 data disks.

Pricing

Premium SSD v2 disks are billed hourly based on the provisioned capacity, IOPS, and MBPS. Let’s take an example of a disk that you provision with 100 GiB capacity, 5000 IOPS, and 150 MB/sec throughput.

The disks are billed per GiB of the provisioned capacity. Hence, you will be charged for 100 GiB of the provisioned capacity.
The disks are billed for any additional IOPS provisioned over the free baseline of 3,000 IOPS. In this case, since you provisioned 5000 IOPS, you will be billed for the additional 2,000 IOPS.
The disks are billed for any additional throughput over the free baseline throughput of 125 MB/s. In this case, since you provisioned 150 MB/sec throughput, you will be billed for the additional 25 MB/s throughput.

You can learn more on the Azure Managed Disks pricing page.

Getting Started

Premium SSD v2 is currently available in preview in select regions. If you are interested in participating in the preview, you can request access to get started. Once enrolled in the preview program, you will be able to create and manage Premium SSD v2 via the Azure portal, PowerShell, and CLI SDKs. You can refer to the Premium SSD v2 documentation to learn more.

We look forward to hearing your feedback. Please email us at AzureDisks@microsoft.com with any questions.
Quelle: Azure

Microsoft joins Jakarta EE and MicroProfile Working Groups at Eclipse Foundation

We’re excited to announce that Microsoft has joined the Eclipse Foundation Jakarta EE and MicroProfile Working Groups as an Enterprise and Corporate member, respectively. Our goal is to help advance these technologies to deliver better outcomes for our Java customers and the broader community. We’re committed to the health and well-being of the vibrant Java ecosystem, including Spring (Spring utilizes several key Jakarta EE technologies). Joining the Jakarta EE and MicroProfile groups complements our participation in the Java Community Process (JCP) to help advance Java SE.

Over the past few years, Microsoft has made substantial investments in offerings for Java, Jakarta EE, MicroProfile, and Spring technologies on Azure in collaboration with our strategic partners. With Red Hat, we’ve built a managed service for JBoss EAP on Azure App Service. We’re also collaborating with Red Hat to enable robust solutions for JBoss EAP on Virtual Machines (VMs) and Azure Red Hat OpenShift (ARO). With VMware, we jointly develop and support Azure Spring Apps (formerly Azure Spring Cloud), a fully managed service for Spring Boot applications. And with Oracle and IBM, we’ve been building solutions for customers to run WebLogic and WebSphere Liberty/Open Liberty on VMs, Azure Kubernetes Service, and ARO (WebSphere). Other work includes a first-party managed service to run Tomcat and Java SE (App Service) and Jakarta Messaging support in Azure Service Bus. Learn more about these Java EE, Jakarta EE, and MicroProfile on Azure offerings.

Our strategic partners

Microsoft is actively improving our support for running Quarkus on Azure, including on emerging platforms such as Azure Container Apps. The expanded investment in Jakarta EE and MicroProfile is a natural progression of our work to enable Java on Azure. Our broad and deep partnerships with key Java ecosystem stakeholders such as Oracle, IBM, Red Hat, and VMware power our Java on Azure work. These strategic partners share our enthusiasm for the Jakarta EE and MicroProfile journeys that Microsoft has embarked upon.

"We're thrilled to have an organization with the influence and reach of Microsoft joining the Jakarta EE Working Group. Microsoft has warmly embraced all things Java across its product and service portfolio, particularly Azure. Its enterprise customers can be confident that they will be actively participating in the further evolution of the Jakarta EE specifications which are defining enterprise Java for today's cloud-native world."—Mike Milinkovich, Executive Director, Eclipse Foundation.

“We welcome Microsoft to the Jakarta EE and MicroProfile Working Groups. We are pleased with our collaboration with Microsoft in delivering Oracle WebLogic Server solutions in Azure, which are helping customers to use Jakarta EE in the cloud. We look forward to more collaboration in the Jakarta EE and MicroProfile Working Groups.”—Tom Snyder, Vice President, Oracle Enterprise Cloud Native Java.

“IBM’s collaboration with Microsoft has shown Jakarta EE and MicoProfile running well in a number of Azure environments on the Liberty runtime, so it’s exciting to see Microsoft now joining the Jakarta EE and MicroProfile Working Groups. I look forward to seeing Microsoft bringing another perspective to the Working Groups based on their experience and needs for Azure customers.”—Ian Robinson, Chief Technology Officer, IBM Application Platform.

"It is great to see Microsoft officially join both MicroProfile and Jakarta EE as they'd been informally involved in these efforts for a long time. I hope to see Microsoft's participation bring experience from their many users and partners who have developed and deployed enterprise Java applications on Azure for several years."—Mark Little, Vice President, Software Engineering, Red Hat.

"We are excited to see Microsoft supporting the Jakarta EE Working Group. Jakarta EE serves as a key integration point for Spring applications and we look forward to the future evolution of common specifications like Servlet, JPA, and others. Microsoft delights developers with their continued support of the Java ecosystem along with their work with VMware on bringing a fully managed Spring service to Azure.”—Ryan Morgan, Vice President, Software Engineering, VMware.

Looking to the future

As part of the Jakarta EE and MicroProfile working groups, we’ll continue to work closely with our long-standing partners. We believe our experience with running Java workloads in the cloud will be valuable to the working groups, and we look forward to building a strong future for Java together with our customers, partners, and the community.

Learn more about Java on Azure offerings for Jakarta EE and MicroProfile.
Quelle: Azure

Gateway Load Balancer now generally available in all regions

Previously, we announced the public preview release of Gateway Load Balancer (GWLB), a new SKU of Azure Load Balancer targeted for transparent NVA (network virtual appliance) insertion supported by a growing list of NVA providers. Today, placing NVAs in the path of traffic is a growing need for customers as their workloads scale. Common use cases of NVAs we’ve seen are:

Allowing or blocking specific IPs using virtual firewalls.
Protecting applications from DDoS attacks.
Analyzing or visualizing traffic patterns.

And GWLB now offers the following benefits for NVA scenarios:

Source IP preservation.
Flow symmetry.
Lightweight NVA management at scale.
Auto-scaling with Azure Virtual Machines Scale Sets (VMSS).

With GWLB, bump-in-the-wire service chaining becomes easy to add on to new or existing architectures in Azure. This means customers can easily “chain” a new GWLB resource to both Standard Public Load Balancers and individual virtual machines with Standard Public IPs, covering scenarios involving both highly available, zonally resilient deployments and simpler workloads.

Figure 1: GWLB can be associated to multiple consumer resources, including both Standard Public Load Balancers and Virtual Machines with Standard Public IPs. When GWLB is chained to the front-end configuration or VM NIC IP configuration, unfiltered traffic from the internet will first be directed to the GWLB and then reach the configured NVAs. The NVAs will then inspect the traffic and send the filtered traffic to the final destination, the consumer application hosted on either the load balancer or virtual machine.

What’s new with Gateway Load Balancer

GWLB borrows a majority of the same concepts as the Standard Load Balancers that customers are familiar with today. You’ll have most of the same components such as frontend IPs, load balancing rules, backend pools, health probes, and metrics, but you’ll also see a new component unique to GWLB—VXLAN tunnel interfaces.

VXLAN is an encapsulation protocol utilized by GWLB. This allows traffic packets to be encapsulated and decapsulated with VXLAN headers as they traverse the appropriate data path, all while maintaining their original source IP and flow symmetry without requiring Source Network Address Translation (SNAT) or other complex configurations like user-defined routes (UDRs).

The VXLAN tunnel interfaces are configured as part of the GWLB’s back-end pool and enable the NVAs to isolate “untrusted” traffic from “trusted” traffic. Tunnel interfaces can either be internal or external and each backend pool can have up to two tunnel interfaces. Typically, the external interface is used for “untrusted” traffic—traffic coming from the internet and headed to the appliance. Correspondingly, the internal interface is used for “trusted” traffic—traffic going from your appliances to your application.

Contoso case study

To better understand the use case of GWLB, let’s dive deeper into example retail company Contoso’s use case.

Who is Contoso?

Contoso is a retail company that uses Azure Load Balancer today to make their web servers supporting their retail platform regionally resilient. In the past few years, they’ve experienced exponential growth and now serve over 20 million visitors per month. When faced with the need to scale their retail platform, they chose Azure Load Balancer because of its high performance coupled with ultra-low latency. As a result of their success, they’ve begun to adopt stricter security practices to protect customer transactions and reduce the risk of harmful traffic reaching their platforms.

What does Contoso’s architecture look like today?

One of their load balancers supporting the eastus region is called contoso-eastus and has a front-end IP configuration with the public IP 101.22.462. Today, traffic headed to 101.22.462 on port 80 is distributed to the backend instances on port 80 as well.

What’s the problem?

The security team recently identified some potentially malicious IP addresses that have been attempting to access their retail platform. As a result, they’re looking to place a network-layer virtual firewall to protect their applications from IP addresses with poor reputations.

What’s the plan?

Contoso has decided to go with a third-party NVA vendor whose appliances the team has used in other contexts such as smaller scale applications or other internal-facing tools. The security team wants to keep the creation of additional resources to a minimum to simplify their NVA management architecture, so they decide map one GWLB with an auto-scaling backend pool of NVAs using Azure VMSS to each group of load balancers deployed in the same region.

Deploying Gateway Load Balancer

The cloud infrastructure team at Contoso creates a GWLB with their NVAs deployed using Azure VMSS. Then, they chain this GWLB to their 5 Standard Public LBs for the eastus region. After verifying that their Data Path Availability and Health Probe Status metrics are 100 percent on both their GWLB and on each chained Standard Public LB, they run a quick packet capture to ensure everything is working as expected.

What happens now?

Now, traffic packets whose destination are any of the frontend IPs of the Standard Public LBs for eastus will be encapsulated using VXLAN and sent to the GWLB first. At this point, the firewall NVAs will decapsulate the traffic, inspect the source IP, and determine whether this traffic is safe to continue on towards the end application. The NVA will then re-encapsulate traffic packets that meet the firewall’s criteria and send it back to the Standard LB. When the traffic reaches the Standard LB, the packets will be decapsulated, meaning that the traffic will appear as if it came directly from the internet, with its original source IP intact. This is what we mean by transparent NVA insertion, as Contoso’s retail platform applications will behave exactly as they did before, without ever knowing that the packet was inspected or filtered by a firewall appliance prior to reaching the application server.

Gateway Load Balancer partners

Gateway Load Balancer supports a variety of NVA providers, you can learn more about each of our partners on our partners page.

Virtual firewalls

Check Point
Cisco
F5
Fortinet
Palo Alto Networks

Traffic observability

cPacket Networks
Glasnostic

Network security

Citrix
Trend Micro
Valtix

DDoS protection

A10 Networks

Learn more

Try out Gateway Load Balancer today with the help of our quickstart tutorials, or read more about Gateway Load Balancer on our public documentation.
Quelle: Azure

Modernize with Azure Migrate

With the pandemic mostly behind us, several large economies have opened in some shape or form. This, despite the uneven supply of goods and services and higher than usual energy costs. The higher energy cost and the resulting increase in the cost of doing business, has led to a tighter economic outlook. Coupled with long lead times for required parts and continued remote work, datacenter management is harder and costlier than it has been. However, maintaining and growing any business requires additional information technology (IT) resources. Thus, there is an increased need for IT solutions to maintain business continuity and sustain innovation. Hyperscalers such as Microsoft’s Azure fill this need and are less affected by these constraints due to the economies of scale. Further, the cloud consumption model allows customers to quickly scale resources up or down to support agile businesses. This is why public cloud spend continues to accelerate and the top cloud initiatives for all organizations are migrating more loads, optimizing existing use, and modernizing through platform as a service (PaaS) or software as a service (SaaS)1.

Customer requirements

The customer requirement is to stay competitive, both on the technical and business fronts, to ensure continued success. Technical competency requires an agile and innovative IT platform with data analytics to provide insights that can help differentiate from the competition. It would be ideal if such an innovative platform is available at a lower cost. Incidentally, modernizing existing IT infrastructure, applications, and data to PaaS/SaaS models in the cloud, delivers on all these requirements, leading to a higher return on investment (ROI) for the customer.

The higher efficiency and lower cost due to the adoption of modern cloud-native architectures, such as PaaS and SaaS, also leads to greater levels of flexibility. Thus, setting the stage for the customer to realize greater value as they progress from IaaS to PaaS and onto SaaS models. Please download our analyst report for details on options and value due to application modernization in Azure.

Microsoft’s commitment to modernization

This week at Microsoft Inspire, we are highlighting our commitment to modernization with integrated, at-scale modernization of ASP.NET applications to Azure Application Service. Also, in preview is Azure Migrate’s support of discovery and assessment of SQL Server running in Microsoft Hyper-V and Physical environments and IaaS services of other public clouds. Please see our tech community blog for more details on this, and other Azure Migrate features available for Linux and Windows workloads.

Enabling deeper integration with our ISV partners

Azure Migrate’s extensible framework is ideal for deeper integration of first-party features to drive automation, while also leveraging third-party tools. Here is a brief view of partner capabilities that can be added to this flexible framework:

Over the years, enterprises have built and expanded custom applications, which require modernization to better support fast-changing business needs. See how Microsoft and CAST partner by combining Azure Migrate and software intelligence produced by CAST technology to automate migration and modernization under the Azure Migration and Modernization Program (AMMP).
Operability of your cloud infrastructure and workloads is key to cloud adoption success and Azure landing zones provide prescriptive guidance to set a well architected foundation for your Azure infrastructure. In partnership with HashiCorp and our Terraform Azure community, we now have the reference implementation for deploying and managing Azure resources at enterprise scale.

Learn more

Attend this Microsoft Inspire on-demand session to learn more about cloud migration and modernization. Check out this FastTrack link for moving to Azure efficiently and get best practice guidance from the Azure migration and modernization center (AMMC). AMMP is now one comprehensive program for all migration and modernization needs of our customers. Learn more and join AMMP today.

Sources: 

1. Trends in Cloud Computing: 2022 State of the Cloud Report, Flexera.com.
Quelle: Azure

Accelerating capital markets workloads for Murex on Azure

The financial services industry is constantly evolving to meet customer and regulatory demands. It is facing a variety of challenges spanning people, processes, and technology. Financial institutions (FIs) need to continuously accelerate to achieve technology and innovation while maintaining scale, quality, speed, and safety. Simultaneously, they need to handle evolving regulatory frameworks, manage risk, digitally transform, process financial transaction volumes, and accelerate cost reductions and restructuring efforts.

Murex is a leading global software provider of trading, risk management, processing operations, and post-trade solutions for capital markets. FIs around the world deploy Murex’s MX.3 platform to better manage risk, accelerate transformation, and simplify compliance while driving revenue growth.

Murex MX.3 on Azure

Murex MX.3 has been certified for Microsoft Azure since version 3.1.35. We have been collaborating with Murex and global strategic partners like Accenture and DXC to provide Murex customers with a simple way to create and scale MX.3 infrastructure and achieve agility in business transformation. With the recent version 3.1.48, SQL Server is supported and customers can now benefit from the performance, scalability, resilience, and cost savings facilitated by SQL Server. With SQL Server IaaS Extension, Murex customers can run SQL Server virtual machines (VMs) in Azure with PaaS capabilities for Windows OS (with automated patching setting disabled in order to prevent the installation of a cumulative update that may not yet be supported by MX3).

Architecture

Murex customers can now refer to the architecture to implement MX.3 application on Azure. Azure enables a secure, reliable, and efficient environment, significantly reducing the infrastructure cost needed to operate the MX.3 environment and providing scalability and a highly performant environment. Customers running MX.3 on Azure can take advantage of multilayered security provided by Microsoft across physical data centers, infrastructure, and operations in Azure. They can benefit from the Compliance Program that helps accelerate cloud adoption with proactive compliance assurance for highly critical and regulated workloads. Customers can maximize their existing on-premises investments using an effective hybrid approach. Azure provides a holistic, seamless, and more secure approach to innovation across customers’ on-premises, multicloud, and edge environments.

The architecture is designed to provide high availability and disaster recovery. Murex customers can achieve threat intelligence and traffic control using Azure Firewall, cost optimization using Reserved Instances and VM scale sets, and high storage throughout using Azure NetApp Files Ultra Storage.

“With the deployment of large scale—originally specialized platform-based—Murex workloads, Azure NetApp Files has proven to deliver the ideal Azure landing zone for storage-performance intensive, mission-critical enterprise applications and to live up to its promise to Migrate the Un-migratable," says Geert van Teylingen, Azure NetApp Files Principal Product Manager from NetApp.

Customers running Murex on Azure

Customers around the world are migrating the Murex platform from on-premises to Azure.

ABN AMRO has moved their MX.3 trading and treasury front-to-back-to-risk platform to Azure, achieving flexibility, agility, and improved time to market. ABN AMRO’s journey to Azure progressed from proof of concept to production, with the Murex MX.3 platform now entirely operational on Azure.

“The key focus for us was always to make sure that we could automate most processes while preserving its operational excellence and key features,” says Kees van Duin, IT Integrator at ABN AMRO.

“Thanks to Microsoft, we were able to preserve nearly 90 percent of our original design and move our platform to the cloud, while in-production, as efficiently as possible. We couldn’t be happier with the result,” he continues.

For Pavilion Energy, Upskills helped drive implementation for Murex Trading in Azure, helping reduce the risk of errors, increase the volume of trading activities, and optimize the management of their Murex MX.3 platform environments.

“We have been working on the Murex technology for over 10 years. Implementing Murex Trading Platform fully into Azure has proven to be the right decision to reduce the risk of delivery, optimize the environments management, and provide sustainable solutions and support to Pavilion Energy” says Thong Tran, Chief Executive Officer (CEO) of Upskills.

Strategic partners helping accelerate Murex workloads

Murex customers can modernize MX.3 workloads, reduce time-to-market and operational costs, and increase acceleration, leveraging accelerators, scripts, and blueprints from our partners—Accenture and DXC.

Accenture and Microsoft have decades of experience partnering with each other and building joint solutions that help customers achieve their goals. Leveraging our strategic alliance to better serve our customers, Accenture has designed and created specific accelerators, tools, and methodologies for MX.3 on Azure that could help organizations develop richer DevOps and become more agile while controlling costs.

Luxoft, a DXC Technology Company, with Microsoft as a global strategic partner for more than 30 years and Murex as a top-tier alliance partner for more than 13 years, helps modernize solutions to connect people, data, and processes with tangible business results. DXC has developed execution frameworks that adopt market best practices to accelerate and minimize risks of cloud migration of MX.3 to Azure.

Keeping pace with the changing regulatory and compliance constraints, financial innovation, computation complexity, and cyber threats is essential for FIs. FIs around the world are relying on Murex MX.3 to accelerate transformation and drive growth and innovation while complying with complex regulations. Customers are using Azure to enhance business agility and operation efficiency, reduce risk and total cost of ownership, and achieve scalability and robustness.

Additional resources

Microsoft and Murex team to help FIs move to Azure
Murex MX.3 architecture
ABN AMRO digital transformation journey with Murex

Quelle: Azure

MLOps Blog Series Part 4: Testing security of secure machine learning systems using MLOps

The growing adoption of data-driven and machine learning–based solutions is driving the need for businesses to handle growing workloads, exposing them to extra levels of complexities and vulnerabilities.

Cybersecurity is the biggest risk for AI developers and adopters. According to a survey released by Deloitte, in July 2020, 62 percent of adopters saw cybersecurity risks as a significant or extreme threat, but only 39 percent said they felt prepared to address those risks.

In Figure 1, we can observe possible attacks on a machine learning system (in the training and inference stages).

Figure 1: Vulnerabilities of a machine learning system.

To know more about how these attacks are carried out, check out the Engineering MLOps book. Here are some key approaches and tests for securing your machine learning systems against these attacks:

Homomorphic encryption

Homomorphic encryption is a type of encryption that allows direct calculations on encrypted data. It ensures that the decrypted output is identical to the result obtained using unencrypted inputs.

For example, encrypt(x) + encrypt(y) = decrypt(x+y).

Privacy by design

Privacy by design is a philosophy or approach for embedding privacy, fairness, and transparency in the design of information technology, networked infrastructure, and business practices. The concept brings an extensive understanding of principles to achieve privacy, fairness, and transparency. This approach will enable possible data breaches and attacks to be avoided.

Figure 2: Privacy by design for machine learning systems.

Figure 2 depicts some core foundations to consider when building a privacy by design–driven machine learning system. Let’s reflect on some of these key areas:

Maintaining strong access control is basic.
Utilizing robust de-identification techniques (in other words, pseudonymization) for personal identifiers, data aggregation, and encryption approaches are critical.
Securing personally identifiable information and data minimization are crucial. This involves collecting and processing the smallest amounts of data possible in terms of the personal identifiers associated with the data.
Understanding, documenting, and displaying data as it travels from data sources to consumers is known as data lineage tracking. This covers all of the data's changes along the journey, including how the data was converted, what changed, and why. In a data analytics process, data lineage provides visibility while considerably simplifying the ability to track data breaches, mistakes, and fundamental causes.
Explaining and justifying automated decisions when you need to are vital for compliance and fairness. High explainability mechanisms are required to interpret automated decisions.
Avoiding quasi-identifiers and non-unique identifiers (for example, gender, postcode, occupation, or languages spoken) is best practice, as they can be used to re-identify persons when combined.

As artificial intelligence is fast evolving, it is critical to incorporate privacy and proper technological and organizational safeguards into the process so that privacy concerns do not stifle its progress but instead lead to beneficial outcomes.

Real-time monitoring for security

Real-time monitoring (of data: inputs and outputs) can be used against backdoor attacks or adversarial attacks by:

Monitoring data (input and outputs).
Accessing management efficiently.
Monitoring telemetry data.

One key solution is to monitor inputs during training or testing. To sanitize (pre-process, decrypt, transformations, and so on) the model input data, autoencoders, or other classifiers can be used to monitor the integrity of the input data. The efficient monitoring of access management (who gets access, and when and where access is obtained) and telemetry data can result in being aware of quasi-identifiers and help prevent suspicious attacks.

Learn more

For further details and to learn about hands-on implementation, check out the Engineering MLOps book, or learn how to build and deploy a model in Azure Machine Learning using MLOps in the Get Time to Value with MLOps Best Practices on-demand webinar. Also, check out our recently announced blog about solution accelerators (MLOps v2) to simplify your MLOps workstream in Azure Machine Learning.
Quelle: Azure

How Microsoft Azure Cross-region Load Balancer helps create region redundancy and low latency

In this blog, we’ll walk through Microsoft Azure Cross-region Load Balancer (also known as the Global tier of Standard Load Balancer) through a case study with a retail customer. By incorporating Azure Cross-region Load Balancer into their end-to-end architecture, the customer was able to achieve region redundancy, high availability, and low latency for their end applications with a quick turnaround time for scaling events while retaining their IPs for TCP and UDP connections. DNS-based global load balancing solution was considered but not adopted due to long failover time caused by time-to-live not being honored.

Low latency with geo-proximity-based routing algorithm

Figure 1: With Azure Load Balancer all traffic will be routed to a random backend server based on 5-tuple hash.

Figure 2: With Cross-region Load Balancer traffic will be routed to the closest regional deployment.

With the previous setup, all traffic regardless of source IP location will be first forwarded to the load balancer’s region. This could take several hops across data centers which could introduce additional latency to network requests. With Azure Cross-region Load Balancer’s geo-proximity-based routing, end customers are being routed to the closest regional deployment which dramatically improves latency.

Automatic failover for disaster recovery

Figure 3: With Standard SKU Load Balancer, when the only regional deployment or the Load Balancer goes down, all traffic can be impacted.

Figure 4: Cross-region Load Balancer ensures seamless failover for disaster recovery.

Even though Standard Load Balancer offers zone redundancy, it is a regional resource. If a regional outage occurs causing the Load Balancer or all the backend servers to go unavailable, traffic will not be able to be forwarded as it arrives at the Load Balancer frontend. As a result, the website will be unavailable to the end customers. By adding a Cross-region Load Balancer on top of several existing regional deployments, the customer is now armed with region redundancy which ensures high availability of their end application. If web server one goes down, the end customer's traffic will be re-routed to web server two to ensure no packet gets dropped.

Scale up and down with no downtime

Figure 5: Easy scaling when using Microsoft Azure Virtual Machine Scale Sets (VMSS) combined with Cross-region Load Balancer.

Like many other industries, the retail industry faces frequent changes in traffic volume due to seasonality and other spontaneous trends. As a result, the customer’s top concern is to scale up and down in real-time. There are two ways to achieve this today with a Cross-region Load Balancer. One way is to directly add or remove a regional Public Load Balancer behind the Cross-region Load Balancer. Another way is to use Microsoft Azure Virtual Machine Scale Sets with a pre-configured autoscaling policy.

Zero friction for adoption

Azure Load Balancer has been an important part of the customer’s end-to-end architecture for stable connectivity and smart load balancing. By leaving the existing network architecture as is and simply adding a Cross-region Load Balancer on top of the existing load balancer set up, the customer is saved from any additional overhead or friction due to the addition of a Cross-region Load Balancer.

Client IP preservation

Cross-region load balancer is a Layer-4 pass-through network load balancer, which ensures that the Load Balancer preserves the original IP address of the network packet. IP preservation allows you to apply logic in the backend server that is specific to the original client IP address.

Next steps

Cross-region Load Balancer is now in preview.

Read our Microsoft Docs page to learn about creating a Cross-region Load Balancer using the Azure portal.
Quelle: Azure

Digital transformation for manufacturers requires additional IT/OT security

While every industry is vulnerable to a ransomware attack, manufacturers are at a particular risk. While digitization and automation have helped transform the industry, it has simultaneously opened up new attack vectors within organizations. Now the most targeted industry, the manufacturing industry, has seen a 300 percent increase in cyberattacks in a single year.

Beyond the tremendous growth in attacks, manufacturing companies make an ideal target for hackers due to the high value of the companies themselves, the high costs of unplanned downtime, and the highly visible impact that downtime has on consumers’ daily lives. With the risks so high, an enterprise-level solution that provides visibility and protection like Microsoft Defender for IoT is essential.

Visibility is the first step to network protection

The number of connected industrial control system (ICS)/operational technology (OT) devices in manufacturing facilities continues to grow. The benefits for the operations side of the house are clear, but the lack of visibility into them poses serious security risks for chief information security officers (CISOs).

Manufacturers often have no way to identify and monitor what all their connected devices are doing and with whom or what they are communicating. Worse, all too often they lack even a simple inventory of all the connected devices they have in their facilities. In case of an attack, the lack of visibility means that they have no way of tracing the attack vector the hacker took, making them vulnerable to a second wave and delaying recovery and remediation.

Continuous monitoring without impacting productivity

Microsoft Defender for IoT not only creates asset maps within minutes of being turned on, but it also provides continuous monitoring of every device in every facility around the world. Microsoft’s Section 52 has access to tens of trillions of identity, endpoint, and other signals each day. The threat intelligence from this specialized IoT and ICS research team produces high-impact insights that help keep manufacturers safe from attacks.

The agentless nature of the system protects companies without impacting production, no matter the topology of the network or the regulations governing the industry. And, with round-the-clock protection, Microsoft Defender for IoT can alert the SecOps team about an intrusion any time, any place.

Security for networks in an age of IT and OT convergence

As their digital transformations have progressed, manufacturers have seen their IT and OT environments converge. The air gap between them that ensured production would continue even if IT assets were taken offline is increasingly a thing of the past. With these trendlines, forward-thinking CISOs and their boards are taking proactive steps to protect the entire company from cyber-physical attacks that could have huge costs to safety, production, reputation, and the bottom line.

Fortunately, Microsoft Defender for IoT can usually be deployed in less than a single day per facility and works right out of the box for large enterprises and small, niche facilities. With it, defenders of OT networks have a powerful new tool at their disposal to help keep hackers out and people, production, and profits safe.

For more information on how Microsoft Defender for IoT can help protect your business, visit Microsoft Defender for IoT | Microsoft Azure today.
Quelle: Azure