Discover how you can innovate anywhere with Azure Arc

Welcome to Azure Hybrid, Multicloud, and Edge Day—please join us for the digital event. Today, we’re sharing how Azure Arc extends Azure platform capabilities to datacenters, edge, and multicloud environments through an impactful, 90-minute lineup of keynotes, breakouts, and technical sessions available live and on-demand. As part of today’s event, we’re announcing the general availability of Azure Machine Learning for hybrid and multicloud deployments with Azure Arc. Now you can build, train, and deploy your machine learning models right where the data lives, such as your new or existing hardware and IoT devices.

When I talk with customers, one of the things I hear most frequently is how new cloud-based applications drive business forward. And as these new applications are built, they need to take full advantage of the agility, efficiency, and speed of cloud innovation. However, not all applications and infrastructure they run on can physically reside in the cloud. That’s why 93 percent of enterprises are committed to hybrid deployments for their on-premises, multicloud, and edge workloads.1

With Azure, we meet you where you are, so you can innovate anywhere. The Azure cloud platform helps you bring new solutions to life—to solve today’s challenges and create the future. Azure Arc is a bridge that extends the Azure platform so you can build applications and services with the flexibility to run across datacenters, edge, and multicloud environments.

Azure Arc provides a consistent development, operations, and security model for both new and existing applications. Our customers are using it to revolutionize their businesses, whether they’re building on new and existing hardware, virtualization and Kubernetes platforms, IoT devices, or integrated systems.

I’m constantly amazed by the ways people are using Azure and Azure Arc to create innovative solutions, and at the same time, overcome longstanding security and governance challenges.

John Deere brings modern cloud benefits on-premises and at the edge with hybrid data services

The iconic green and yellow John Deere tractors are a familiar sight in fields around the world. With a well-stocked technology portfolio that spans cloud platforms, on-premises datacenters, and edge devices at factories, John Deere’s modernization strategy makes the most of its assets while cultivating a path for the future.

Together with Azure Arc–enabled SQL Managed Instance, John Deere helps connect the dots across all these environments and puts the power of the cloud to work in the company’s existing infrastructure. The result? A unified view of operations across platforms that pivots on Azure Arc, helping John Deere to optimize manufacturing operations. Together with Azure Arc–enabled SQL Managed Instance, the hybrid solution is helping John Deere drive down operational costs and accelerate innovation.

Another opportunity the cloud provides is to transform data insights into new products and services. For years, Azure has provided machine learning and IoT solutions to unlock signals and data from the physical world. Azure Arc brings data services from Azure, like SQL, PostgreSQL, and Machine Learning so you can harness data insights from edge to cloud with an end-to-end solution from local data collection, compute, storage, and real-time analysis.

We recently announced Azure Arc–enabled SQL Managed Instance Business Critical is now generally available. The Business Critical tier of Azure Arc–enabled SQL Managed Instance is built for mission-critical workloads requiring the most demanding performance, high availability, and security. Azure Arc–enabled SQL Managed Instance comes from the same evergreen SQL in Azure that is always up to date with no end of support.

Wolverine Worldwide analyzes sensitive data on-premises to optimize the supply chain

Wolverine Worldwide owns beloved activewear and lifestyle brands such as Chaco, Saucony, Merrell, Keds, Sperry, and more. When the pandemic created a new set of unanticipated supply chain challenges across the global economy, Wolverine turned to cloud innovation to help its 13 brands.

“Previously, data was a little tough to get at. It was either a gut feel, or the opportunity bypassed us while we were doing our analysis. With Azure Arc, Wolverine can use Azure Machine Learning and data services to analyze holistically data from the supply chain, manufacturing, and its ecommerce business while keeping sensitive data on-premises.”—Jason Miller, Vice President for Enterprise Data, Planning & Analytics, Wolverine Worldwide

Whether you want to secure and govern servers or create a self-service experience on VMware from Azure, Azure Arc is validated on a variety of infrastructures so you can always get your applications and data to run where you need them.

Businesses can start with Azure Stack HCI support for single-node clusters, which is generally available, for flexibility to deploy Azure Stack HCI in smaller spaces and with lower processing needs. Additionally, we’re announcing today that Windows Admin Center can now manage your Azure Arc–enabled servers and Azure Stack HCI clusters from the Azure Portal. Using this functionality, you can securely manage your servers and clusters from Azure—without needing a VPN, public IP address, or other inbound connectivity to your machine.

Greggs modernizes security and operations

A bakery and coffee shop in the UK with over 2,200 retail locations, Greggs is another customer using Azure Arc–enabled security and management tools. The company needed visibility across its digital estate from on-premises Windows Servers to Kubernetes running in AKS.

“By deploying Azure Arc, we can use Microsoft Defender for Cloud for our on-premises server estate, something we couldn’t do before. We’ve gained significant security benefits—like secure risk score, compliance scoring, and assessments. The central aggregation of logs shows us if a security event actually occurs across multiple devices so that we can pinpoint potential causes.”—Scott Clennell, Head of Infrastructure and Networks, Greggs

For customers like Greggs, we continue to innovate on Azure Arc–enabled servers. We recently announced Azure Arc–enabled servers support for private endpoints, a new servers monitoring workbook created in the public Azure Monitor GitHub repository, and a preview of SSH access to Azure Arc–enabled servers.

With Azure Arc, you have access today to a comprehensive set of Azure services, such as Microsoft Defender for Cloud, Microsoft Sentinel, Azure Policy, Azure Monitor, and more to secure and manage resources and data anywhere.

Millennium bcp streamlines multicloud app deployments with Azure Arc

“We needed…the ability to move a workload running in an Azure Kubernetes Service (AKS) cluster to a Google Cloud Platform or Amazon Web Services cluster, or vice versa, in case of emergency. We needed something that could help us turn those into an enterprise-level service. That’s where Azure Arc came in.”—Nuno Guedes, Cloud Compute Lead, Millennium bcp

Millennium bcp is the largest private bank in Portugal and uses Azure Arc for a standard approach to deploy containers to its multicloud environment. Azure Arc helps companies like Millennium build and modernize cloud-native apps on any Kubernetes using familiar developer tools, like Visual Studio Code and GitHub, as well as implement consistent GitOps and policy-driven deployments across environments.

To support our customers’ app development, we recently announced GitOps with Flux v2 in AKS and Azure Arc–enabled Kubernetes, general availability of Arc–enabled Open Service Mesh, general availability of Azure Key Vault Secrets Provider extension, and the landing zone accelerator for Azure Arc–enabled Kubernetes.

Finally, a huge thank you to our partners and customers in the Azure Arc community. We hope you will enjoy the event and learn how Azure Arc can benefit your organization. We look forward to connecting and listening to your feedback.

Azure Hybrid, Multicloud, and Edge Day highlights

You can access everything on-demand, and check out the additional demos and customer stories in the event portal. Enjoy the event experience. I can’t wait to see how you innovate anywhere.

1Hybrid & Multicloud Perceptions Survey, Microsoft.
Quelle: Azure

Simplify and centralize network security management with Azure Firewall Manager

We are excited to share that Azure Web Application Firewall (WAF) policy and Azure DDoS Protection plan management in Microsoft Azure Firewall Manager is now generally available.

With an increasing need to secure cloud deployments through a Zero Trust approach, the ability to manage network security policies and resources in one central place is a key security measure.

Today, you can now centrally manage Azure Web Application Firewall (WAF) to provide Layer 7 application security to your application delivery platforms, Azure Front Door, and Azure Application Gateway, in your networks and across subscriptions. You can also configure DDoS Protection Standard for protecting your virtual networks from Layer 3 and Layer 4 attacks.

Azure Firewall Manager is a central network security policy and route management service that allows administrators and organizations to protect their networks and cloud platforms at a scale, all in one central place. 

Azure Web Application Firewall is a cloud-native web application firewall (WAF) service that provides powerful protection for web apps from common hacking techniques such as SQL injection and security vulnerabilities such as cross-site scripting.

Azure DDoS Protection Standard provides enhanced Distributed Denial-of-Service (DDoS) mitigation features to defend against DDoS attacks. It is automatically tuned to protect all public IP addresses in virtual networks. Protection is simple to enable on any new or existing virtual network and does not require any application or resource changes. 

By utilizing both WAF policy and DDoS protection in your network, this provides multi-layered protection across all your essential workloads and applications.

WAF policy and DDoS Protection plan management are an addition to Azure Firewall management in Azure Firewall Manager.

Centrally protect your application delivery platforms using WAF policies 

In Azure Firewall Manager, you can now manage and protect your Azure Front Door or Application Gateway deployments by associating WAF policies, at scale. This allows you to view all your key deployments in one central place, alongside Azure Firewall deployments and DDoS Protection plans.

Upgrade from WAF configuration to WAF policy

In addition, the platform supports administrators to upgrade from a WAF config to WAF policies for Application Gateways, by selecting the service and Upgrade from WAF configuration. This allows for a more seamless process for migrating to WAF policies, which supports WAF policy settings, managed rulesets, exclusions, and disabled rule-groups.

As a note, all WAF configurations that were previously created in Application Gateway can be done through WAF policy.

Manage DDoS Protection plans for your virtual networks

You can enable DDoS Protection Plan Standard on your virtual networks listed in Azure Firewall Manager, across subscriptions and regions. This allows you to see which virtual networks have Azure Firewall and/or DDoS protection in a single place.

View and create WAF policies and DDoS Protection Plans in Azure Firewall Manager

You can view and create WAF policies and DDoS Protection Plans from the Azure Firewall Manager experience, alongside Azure Firewall policies.

In addition, you can import existing WAF policies to create a new WAF policy, so you do not need to start from scratch if you want to maintain similar settings.

Monitor your overall network security posture

Azure Firewall Manager provides monitoring of your overall network security posture. Here, you can easily see which virtual networks and virtual hubs are protected by Azure Firewall, a third-party security provider, or DDoS Protection Standard. This overview can help you identify and prioritize any security gaps that are in your Azure environment, across subscriptions or for the whole tenant.

Coming soon, you’ll also be able to view your Application Gateway and Azure Front Door monitors, for a full network security overview.

Learn more

To learn more about these features in Azure Firewall Manager, visit the Manage Web Application Firewall policies tutorial, WAF on Application Gateway documentation, and WAF on Azure Front Door documentation. For DDoS information, visit the Configure Azure DDoS Protection Plan using Azure Firewall Manager tutorial and Azure DDoS Protection documentation.

To learn more about Azure Firewall Manager, please visit the Azure Firewall Manager home page.
Quelle: Azure

MLOps Blog Series Part 1: The art of testing machine learning systems using MLOps

Testing is an important exercise in the life cycle of developing a machine learning system to ensure high-quality operations. We use tests to confirm that something functions as it should. Once tests are created, we can run them automatically whenever we make a change to our system and continue to improve them over time. It is a good practice to reward the implementation of tests and identify sources of mistakes as early as possible in the development cycle to prevent rising downstream expenses and lost time.

In this blog, we will look at testing machine learning systems from a Machine Learning Operations (MLOps) perspective and learn about good case practices and a testing framework that you can use to build robust, scalable, and secure machine learning systems. Before we delve into testing, let’s see what MLOps is and its value to developing machine learning systems.

 

Figure 1: MLOps = DevOps + Machine Learning.

 

Software development is interdisciplinary and is evolving to facilitate machine learning. MLOps is a process for fusing machine learning with software development by coupling machine learning and DevOps. MLOps aims to build, deploy, and maintain machine learning models in production reliably and efficiently. DevOps drives machine learning operations. Let’s look at how that works in practice. Below is an MLOps workflow illustration of how machine learning is enabled by DevOps to orchestrate robust, scalable, and secure machine learning solutions.

 

Figure 2: MLOps workflow.

 

The MLOps workflow is modular, flexible, and can be used to build proofs of concept or operationalize machine learning solutions in any business or industry. This workflow is segmented into three modules: Build, Deploy, and Monitor. Build is used to develop machine learning models using an machine learning pipeline. The Deploy module is used for deploying models in developer, test, and production environments. The Monitor module is used to monitor, analyze, and govern the machine learning system to achieve maximum business value. Tests are performed primarily in two modules: the Build and Deploy modules. In the Build module, data is ingested for training, the model is trained using ingested data, and then it is tested in the model testing step.

1. Model testing: In this step, we evaluate the performance of the trained model on a separated set of data points named test data (which was split and versioned in the data ingestion step). The inference of the trained model is evaluated according to selected metrics as per the use case. The output of this step is a report on the trained model's performance. In the Deploy module, we deploy the trained models to dev, test, and production environments, respectively. First, we start with application testing (done in dev and test environments).

2. Application testing: Before deploying an machine learning model to production, it is vital to test the robustness, scalability, and security of the model. Hence, we have the "application testing" phase, where we rigorously test all the trained models and the application in a production-like environment called a test, or staging, environment. In this phase, we may perform tests such as A/B tests, integration tests, user acceptance tests (UAT), shadow testing, or load testing.

Below is the framework for testing that reflects the hierarchy of needs for testing machine learning systems.

 

Figure 3: Hierarchy of needs for testing machine learning systems.

 

One way to think about machine learning systems is to consider Maslow's hierarchy of needs. Lower levels of a pyramid reflect “survival,” and the true human potential is unleashed only after basic survival and emotional needs are met. Likewise, tests that inspect robustness, scalability, and security ensure that the system not only performs at the basic level but reaches its true potential. One thing to note is that there are many additional forms of functional and nonfunctional testing, including smoke tests (rapid health checks) and performance tests (stress), but they may all be classified as system tests.

Over the next three posts, we’ll cover each of the three broad levels of testing, starting with robustness and then moving on to scalability and finally, security.

For further details and to learn about hands-on implementation, check out the Engineering MLOps book, or learn how to build and deploy a model in Microsoft Azure Machine Learning using MLOps in the Get Time to Value with MLOps Best Practices on-demand webinar.

Source for images: Engineering MLOps book
Quelle: Azure

Azure powers rapid deployment of private 4G and 5G networks

As the cloud continues to expand into a ubiquitous and highly distributed fabric, a new breed of application is emerging: Modern Connected Applications. We define these new offerings as network-intelligent applications at the edge, powered by 5G, and enabled by programmable interfaces that give developer access to network resources. Along with internet of things (IoT) and real-time AI, 5G is enabling this new app paradigm, unlocking new services and business models for enterprises, while accelerating their network and IT transformation.

At Mobile World Congress this year, Microsoft announced a significant step towards helping enterprises in this journey: Azure Private 5G Core, available as a part of the Azure private multi-access edge compute (MEC) solution. Azure Private 5G Core enables operators and system integrators (SIs) to provide a simple, scalable, and secure deployment of private 4G and 5G networks on small footprint infrastructure, at the enterprise edge.

This blog dives a little deeper into the fundamentals of the service and highlights some extensions that enterprises can leverage to gain more visibility and control over their private network. It also includes a use case of an early deployment of Azure Kubernetes Services (AKS) on an edge platform, leveraged by the Azure Private 5G Core to rapidly deploy such networks.

Building simple, scalable, and secure private networks

Azure Private 5G Core dramatically simplifies the deployment and operation of private networks. With just a few clicks, organizations can deploy a customized set of selectable 5G core functions, radio access network (RAN), and applications on a small edge-compute platform, at thousands of locations. Built-in automation delivers security patches, assures compliance, and performs audits and reporting. Enterprises benefit from a consistent management experience and improved service assurance experience, with all logs and metrics from cloud to edge available for viewing within Azure dashboards.

Enterprises need the highest level of security to connect their mission critical operations. Azure Private 5G Core makes this possible by natively integrating into a broad range of Azure capabilities. With Azure Arc, we provide seamless and secure connectivity from an on-premises edge platform into the Azure cloud. With Azure role-based access control (RBAC), administrators can author policies and define privileges that will allow an application to access all necessary resources. Likewise, users can be given appropriate access to manage all resources in a resource group, such as virtual machines, websites, and subnets. Our Zero Trust security frameworks are integrated from devices to the cloud to keep users and data secure. And our complete, “full-stack” solution (hardware, host and guest operating system, hypervisor, AKS, packet core, IoT Edge Runtime for applications, and more) meets standard Azure privacy and compliance benchmarks in the cloud and on the enterprise edge, meaning that data privacy requirements are adhered to in each geographic region.

Deploying private 5G networks in minutes

Microsoft partner Inventec is a leading design manufacturer of enterprise-class technology solutions like laptops, servers, and wireless communication products. The company has been quick to see the potential benefit in transforming its own world-class manufacturing sites into 5G smart factories to fully utilize the power of AI and IoT.

In a compelling example of rapid private 5G network deployment, Inventec recently installed our Azure private MEC solution in their Taiwan smart factory. It took only 56 minutes to fully deploy the Azure Private 5G Core and connect it to 5G access points that served multiple 5G endpoints—a significant reduction from the months that enterprises have come to expect. Azure Private 5G Core leverages Azure Arc and Azure Kubernetes Service on-prem to provide security and manageability for the entire core network stack. Figures 1 and 2 below show snapshots from the trial.

Figure 1: Screenshot of logs with time stamps showing start and completion of the core network deployment.

Figure 2: Screenshot from the trial showing one access point successfully connected to seven endpoints.

Inventec is developing applications for manufacturing use-cases that leverage private 5G networks and Microsoft’s Azure Private 5G Core. Examples of these high-value MEC use cases include Automatic Optical Inspection (AOI), facial recognition, and security surveillance systems.

Extending enterprise control and visibility from the 5G core

Through close integration with other elements of the Azure private MEC solution, our Azure Private 5G Core essentially acts as an enterprise “control point” for private wireless networks. Through comprehensive APIs, the Azure Private 5G Core can extend visibility into the performance of connected network elements, simplify the provisioning of subscriber identity modules (SIMs) for end devices, secure private wireless deployments, and offer 5G connectivity between cloud services (like IoT Hub) and associated on-premises devices.

Figure 3: Azure Private 5G Core is a central control point for private wireless networks.

Customers, developers, and partners are finding value today with a number of early integrations with both Azure and third-party services that include:

Plug and play RAN: Azure private MEC offers a choice of 4G or 5G Standalone radio access network (RAN) partners that integrate directly with the Azure Private 5G Core. By integrating RAN monitoring with the Azure Private 5G Core, RAN performance can be made visible through the Azure management portal. Our RAN partners are also onboarding their Element Management System (EMS) and Service Management and Orchestrator (SMO) products to Azure, simplifying the deployment processes and have a framework for closed-loop radio performance automation.
Azure Arc managed edge: The Azure Private 5G Core takes advantage of the security and reliability capabilities of Azure Arc-enabled Azure Kubernetes Service running on Azure Stack Edge Pro. These include policy definitions with Azure Policy for Kubernetes, simplified access to AKS clusters for High Availability with Cluster Connect and fine-grained identity and access management with Azure RBAC. 
Device and Profile Management: Azure Private 5G Core APIs integrate with SIM management services to securely provision the 5G devices with appropriate profiles. In addition, integration with Azure IoT Hub enables unified management of all connected IoT devices across an enterprise and provides a message hub for IoT telemetry data. 
Localized ISV MEC applications: Low-latency MEC applications benefit from running side-by-side with core network functions on the common (Azure private MEC) edge-compute platform. By integrating tightly with the Azure Private 5G Core using Azure Resource Manager APIs, third-party applications can configure network resources and devices. Applications offered by partners are available in, and deployable from the Azure Marketplace.

It’s easy to get started with Azure private MEC

As innovative use cases for private wireless networks continue to develop and industry 4.0 transformation accelerates, we welcome ISVs, platform partners, operators, and SIs to learn more about Azure private MEC.

Application ISVs interested in deploying their industry or horizontal solutions on Azure should begin by onboarding their applications to Azure Marketplace.
Platform partners, operators, and SIs interested in partnering with Microsoft to deploy or integrate with private MEC can get started by reaching out to the Azure private MEC Team.

Microsoft is committed to helping organizations innovate from the cloud, to the edge, and to space—offering the platform and ecosystem strong enough to support the vision and vast potential of 5G. As the cloud continues to expand and a new breed of modern connected apps at the edge emerges, the growth and transformation opportunities for enterprises will be profound. Learn more about how Microsoft is helping developers embrace 5G.
Quelle: Azure

Supporting openEHR with Azure Health Data Services

This blog post is co-authored by Trent Norris, Cloud and Data Partner Alliances, HLS.

This blog is part of a series in collaboration with our partners and customers leveraging the newly announced Azure Health Data Services. Azure Health Data Services, a platform as a service (PaaS) offering designed exclusively to support Protected Health Information (PHI) in the cloud, is a new way of working with unified data—providing care teams with a platform to support both transactional and analytical workloads from the same data store and enabling cloud computing to transform how we develop and deliver AI across the healthcare ecosystem.

Microsoft Cloud for Healthcare and the Azure Health Data Services product engineering team are committed to global patient health information interoperability. We believe interoperability is table stakes to unlock and derive a more comprehensive assessment of the available clinical evidence.

In order to accomplish this connected interoperable data flow, we have built Azure Health Data Services around HL7v2, CCDA, FHIR, DICOM, and other connected standards and common schemas. Aligning to these common standards and schemas enables Microsoft’s partner-led strategy and GTM engagement with organizations that include but aren’t limited to openEHR, Better, EY, and EPAM.

Azure Health Data Services is the first of its kind to unify diverse data types in the same data store at the patient level as you bring it into the cloud, which means you can view structured, unstructured, and imaging data together for a holistic, real-time view—in just minutes. With the service, you can search and query across your data using a unified Fast Healthcare Interoperability Resources (FHIR®) structure and deploy a suite of services to connect it rapidly to the technology you need. Whether you’re blending patient data with population health data sets for AI development and analytics, visualizing data for operational efficiencies, deploying patient engagement tools for personalized care, or querying imaging metadata alongside clinical data using our new DICOMcast feature, Azure Health Data Services work with your existing systems to enhance what you’re doing today. It’s also built on open standards to ensure you can support new solutions and innovations yet to come.

We are major supporters and members of the openEHR foundation. We believe their commitment to open specifications, clinical models, and software that can be used to create and build solutions for healthcare is closely aligned to our mission here at Microsoft. Providing rich pipelines for the data into the cloud, where you can integrate analytical tools such as Azure Synapse or Data Bricks with healthcare’s transactional systems of record. We believe FHIR (with SMART on FHIR) is the standard that complements openEHR by acting as the USB exchange connector that will standardize access for other Microsoft Azure Services and FHIR application ecosystems.

Do more with your data with Microsoft Cloud for Healthcare

With Azure Health Data Services, health organizations can transform their patient experience, discover new insights with the power of machine learning and AI, and manage PHI data with confidence. Enable your data for the future of healthcare innovation with Microsoft Cloud for Healthcare.

We look forward to being your partner as you build the future of health.

Learn more about Azure Health Data Services.
Learn more about Microsoft Cloud for Healthcare.
Learn more about how health companies are using Azure to drive better health outcomes.

®FHIR is a registered trademark of Health Level Seven International, registered in the U.S. Trademark Office, and is used with their permission.
Quelle: Azure

Find the clarity and guidance you need to realize cloud value

A modernized cloud workload offers significant benefits—including cost savings, optimized security and management, and opportunities for ongoing innovation. But the process of migrating and modernizing workloads can be challenging. That’s why it’s essential to prepare and plan ahead—and to ensure that your organization finds continued value in the cloud.

Whether you’re just starting your move to the cloud or are looking for ways to optimize your current cloud workloads, my team and I are committed to helping you maximize your cloud investments, overcome technical barriers, adopt new business processes, develop your team’s skills, and achieve sustainable innovation in the cloud. That’s why we invite you to watch sessions from Realizing Success in the Cloud—now available on-demand.

At this digital event, attendees learned about the key components of a successful cloud adoption journey. They heard Microsoft leaders, industry experts, and Azure customers discuss ways to drive value with migration and modernization. They also discovered best practices for boosting adoption across organizations and enabling sustainable innovation in the long term.

Check out these session highlights, which cover three critical areas of the cloud journey:

1. Optimize your business value in the cloud

In the early phases of any new cloud project, it’s essential that you define strategy, understand motivations, and identify business outcomes. Maybe you’re looking to optimize your cost investment and reduce technical debt. Or maybe adoption might enable your team to build new technical capabilities and products. Whether you’re looking to migrate, modernize, or innovate in the cloud, you’ll want to build a business case that sets your organization up for success—and we’ll show you how to put one together.

With the help of Jeremy Winter, Azure VP of Program Management, you’ll explore the process using key technical and financial guidelines. In this session, you’ll discover templates, assessments, and tools for estimating your cloud costs, managing spending, and maximizing the overall value you get from Azure. You’ll also hear how the cloud experts at Insight, a Microsoft technology partner, use Azure enablement resources to help their clients realize savings.

2. Customize your Azure journey

Your organization’s business, security, and industry requirements are unique, which is why you’ll need to develop a tailored plan that will help you successfully execute your vision—and ensure that your deployment and operations needs are being met. That’s why it’s important to understand when to adhere to the best practices of your cloud vendor—and when to customize your journey—with guidance from the experts.

In the session led by Uli Homann, Microsoft VP of Cloud and AI, you’ll learn how to set up scalable, modular cloud environments using Azure landing zones. As you prepare for post-deployment, you’ll find out how to evaluate the cost efficiency, performance, reliability, and security of your workload performance using recommendations from the Azure Well-Architected Framework and Azure Advisor. Uli also speaks with NHS Digital, the technology partner for the UK’s public healthcare system, to discuss how they built a responsive system architecture that could scale and perform under unprecedented demand.

3. Accelerate success with Azure skills training

Whether you’re migrating to the cloud or building a cloud-native app, the skills of your team are key to enabling successful business outcomes. Azure skills training fosters a growth mindset and helps your team develop expertise that impacts your entire organization, from individual career advancement to sustainable, long-term innovation.

In a fireside chat between Sandeep Bhanot, Microsoft VP of Global Technical Learning, and Cushing Anderson, VP of IT Education and Certification at IDC, you’ll hear about key learnings from research that highlight the business value of skills training for accelerating success. You’ll also explore how to use these findings to build a compelling business case for developing skills training programs in your organization.

Watch this event on-demand to:

Get an overview of the cloud enablement tools, programs, and frameworks available to help you realize your goals on Azure.
See these resources in action. Hear success stories from customers like KPMG who have used Azure enablement resources to build, optimize, and achieve ongoing value in the cloud.
Hear insights from Microsoft product experts as they answer questions from the Azure community during the Q and A.

The live event may be over, but you still have the chance to learn and explore at your own pace, on your own time. Discover how to quickly access and use the right set of Azure enablement tools for your specific needs—and pave the way for ongoing success in the cloud. 

Watch now.
Quelle: Azure

Learn what’s new in Azure Firewall

This post was co-authored by Suren Jamiyanaa, Program Manager 2, Azure Networking.

We continue to be amazed by the adoption, interest, positive feedback, and the breadth of use cases customers are finding for our service. Today, we are happy to share several key Azure Firewall capabilities as well as an update on recent important releases into general availability and preview.

Intrusion Detection and Prevention System (IDPS) signatures lookup now generally available.
TLS inspection (TLSi) Certification Auto-Generation now generally available.
Web categories lookup now generally available.
Structured Firewall Logs now in preview.
IDPS Private IP ranges now in preview.

Azure Firewall is a cloud-native firewall-as-a-service offering that enables customers to centrally govern and log all their traffic flows using a DevOps approach. The service supports both application and network-level filtering rules and is integrated with the Microsoft Threat Intelligence feed for filtering known malicious IP addresses and domains. Azure Firewall is highly available with built-in auto-scaling.

IDPS signatures lookup

Azure Firewall Premium IDPS signature lookup is a great way to better understand the applied IDPS signatures on your network as well as fine-tuning them according to your specific needs. IDPS signatures lookup allows you to:

Customize one or more signatures and change their mode to Disabled, Alert, or Alert and Deny. For example, if you receive a false positive where a legitimate request is blocked by Azure Firewall due to a faulty signature, you can use the signature ID from the network rules logs and set its IDPS mode to off. This causes the "faulty" signature to be ignored and resolves the false positive issue.
You can apply the same fine-tuning procedure for signatures that are creating too many low-priority alerts, and therefore interfering with visibility for high-priority alerts.
Get a holistic view of the entire 58,000 signatures.
Smart search.
Allows you to search through the entire signatures database by any type of attribute. For example, you can search for specific CVE-ID to discover what signatures are taking care of this CVE by typing the ID in the search bar.

TLSi Certification Auto-Generation

For non-production deployments, you can use the Azure Firewall Premium TLS inspection Certification Auto-Generation mechanism, which automatically creates the following three resources for you:

Managed Identity
Key Vault
Self-signed Root CA certificate

Just choose the new managed identity, and it ties the three resources together in your Premium policy and sets up TLS inspection.

Web categories lookup

Web Categories is a filtering feature that allows administrators to allow or deny web traffic based on categories, such as gambling, social media, and more. We added tools that help manage these web categories: Category Check and Mis-Categorization Request.

Using Category Check, an admin can determine which category a given FQDN or URL falls under. In the case that a FQDN or URL fits better under a different category, an administrator can also report an incorrect classification, in which the request will be evaluated and updated if approved.

Structured Firewall Logs

Today, the following diagnostic log categories are available for Azure Firewall:

Application rule log
Network rule log
DNS proxy log

These log categories are using Azure diagnostics mode. In this mode, all data from any diagnostic setting will be collected in the AzureDiagnostics table.

With this new feature, customers will be able to choose using Resource Specific Tables instead of the existing AzureDiagnostics table. In case both sets of logs are required, at least two diagnostic settings would need to be created per firewall.

In Resource Specific mode, individual tables in the selected workspace are created for each category selected in the diagnostic setting.

This method is recommended since it makes it much easier to work with the data in log queries, provides better discoverability of schemas and their structure, improves performance across both ingestion latency and query times, and the ability to grant Azure role-based access control (RBAC) rights on a specific table.

New Resource Specific tables are now available in diagnostic setting allowing users to utilize the following newly added categories:

Network rule log: contains all Network Rule log data. Each match between data plane and network rule creates a log entry with the data plane packet and the matched rule's attributes.
NAT rule log: contains all destination network address translation (DNAT) events log data. Each match between data plane and DNAT rule creates a log entry with the data plane packet and the matched rule's attributes.
Application rule log: contains all Application rule log data. Each match between data plane and Application rule creates a log entry with the data plane packet and the matched rule's attributes.
Threat Intelligence log: contains all Threat Intelligence events.
IDPS log: contains all data plane packets that were matched with one or more IDPS signatures.
DNS proxy log: contains all DNS Proxy events log data.
Internal FQDN resolve failure log: contains all internal Firewall FQDN resolution requests that resulted in failure.
Application rule aggregation log: contains aggregated Application rule log data for Policy Analytics.
Network rule aggregation log: contains aggregated Network rule log data for Policy Analytics.
NAT rule aggregation log: contains aggregated NAT rule log data for Policy Analytics.

Additional Kusto Query Language (KQL) log queries were added (as seen in the diagram below) to query structured firewall logs.

IDPS Private IP ranges

In Azure Firewall Premium IDPS, Private IP address ranges are used to identify if traffic is inbound or outbound. By default, only ranges defined by Internet Assigned Numbers Authority (IANA) RFC 1918 are considered private IP addresses. To modify your private IP addresses, you can now easily edit, remove or add ranges as needed.

Learn more

Azure Firewall Documentation.
Azure Firewall Preview Features.
Azure Firewall Premium.
Azure Firewall Web Categories.

Quelle: Azure

Achieve seamless observability with Dynatrace for Azure

This blog post has been co-authored by Manju Ramanathpura, Principal Group PM, Azure DevEx & Partner Ecosystem.

As adoption of public cloud grows by leaps and bounds, organizations want to leverage software and services that they love and are familiar with as a part of their overall cloud solution. Microsoft Azure enables customers to host their apps on the globally trusted cloud platform and use the services of their choice by closely partnering with popular SaaS offerings. Dynatrace is one such partner that provides deep cloud observability, advanced AIOps, and continuous runtime application security capabilities on Azure.

“Deep and broad observability, runtime application security, and advanced AI and automation are key for any successful cloud transformation. Through the Dynatrace platform’s integration with Microsoft Azure, customers will now have immediate access to these capabilities. This integration will deliver answers and intelligent automation from the massive amount of data generated by modern hybrid-cloud environments, enabling flawless and secure digital interactions.”—Steve Tack, SVP Product Management, Dynatrace.

Modern cloud-native environments are complex and dynamic. When failures occur, development teams need deep visibility into the systems to get to the root cause of the issues and understand the impact of potential fixes. Good observability solutions such as Dynatrace for Azure not only enable you to understand what is broken, but also provide the ability to proactively identify and resolve issues before they impact your customers. Currently, if you want to leverage Dynatrace for observability, you go through a complex process of setting up credentials, Event Hubs, and writing custom code to send monitoring data from Azure to Dynatrace. This is often time-consuming and hard to troubleshoot when issues occur. To alleviate this customer pain, we worked with Dynatrace to create a seamlessly integrated solution on Azure that’s now available on the Azure Marketplace.

Dynatrace’s integration provides a unified experience with which you can:

Create a new Dynatrace environment in the cloud with just a few clicks. Dynatrace SaaS on Azure is a fully managed offering that takes away the need to set up and operate infrastructure.
Seamlessly ship logs and metrics to Dynatrace. Using just a few clicks, configure auto-discovery of resources to monitor and set up automatic log forwarding. Configuring Event Hubs and writing custom code to get monitoring data is now a thing of the past.
Easily install Dynatrace OneAgent on virtual machines (VMs) and App Services through a single click. OneAgent continuously monitors the health of host and processes and automatically instruments any new processes.
Use single sign-on to access the Dynatrace SaaS portal—no need to remember multiple credentials and log in separately.
Get consolidated billing for the Dynatrace service through Azure Marketplace.

“Microsoft is committed to providing a complete and seamless experience for our customers on Azure. Enabling developers to use their most loved tools and services makes them more productive and efficient. Azure native integration of Dynatrace makes it effortless for developers and IT administrators to monitor their cloud applications with the best of Azure and Dynatrace together.”—Balan Subramanian, Partner Director of Product Management, Azure Developer Experiences.

Get started with Dynatrace for Azure

Let’s now look at how you can easily set up and configure Dynatrace for Azure:

Acquire the Dynatrace for Azure offering: You can find and acquire the solution from the Azure Marketplace.

 

Create a Dynatrace resource in Azure portal: Once the Dynatrace solution is acquired, you can seamlessly create a Dynatrace resource using the Azure portal. Using the Dynatrace resource, you can configure and manage your Dynatrace environments within the Azure portal.

 

Configure log forwarding: Configure which Azure resources send logs to Dynatrace, using the familiar concept of resource tags.

 

Install Dynatrace OneAgent: With a single click, you can install Dynatrace OneAgent on multiple VMs and App Services.

 

Access Dynatrace native service for Azure with single sign-on: Use the single sign-on experience to effortlessly access dashboards, Smartscape® topology visualization, log content, and more on the Dynatrace portal.

Next steps

Subscribe to the preview of Dynatrace’s integration with Azure available in the Azure Marketplace.
Learn more about the Dynatrace integration.

Quelle: Azure

SUSECON 2022: Powering Business Critical Linux workloads on Azure

Since 2009, Microsoft and SUSE have partnered to provide Azure-optimized solutions for SUSE Linux Enterprise Server (SLES). SLES for SAP Applications is the leading platform for SAP solutions on Linux, with over 90 percent of SAP HANA deployments and 70 percent of SAP NetWeaver applications running on SUSE. Microsoft and SUSE jointly offer agility and flexibility for next-generation SAP landscape powered by SAP HANA.

Microsoft is sponsoring SUSECON Digital 2022 to bring the latest technological advancements to customers and the open-source community at large. In keeping with SUSECON Digital 2022’s Future Forward theme, we’ll be shining light on the latest and greatest, unraveling the worlds of business-critical Linux, enterprise container management, and edge innovation. In the three-day event from June 7 to 9, Microsoft will participate in several activities such as keynotes, demo sessions, and virtual booths. When you need a break, there are wellness sessions, games, and opportunities to win exciting prizes.

The need for innovation has never been greater. To become more agile and accelerate innovation, organizations are embarking on journeys of digital transformation. These transformations require modernizing legacy infrastructure and applications, adopting cloud-native technologies, and pushing organizational boundaries beyond the data center and cloud, all the way to the edge.

Hiren Shah, Head of Products, SAP on Azure Core Platform, Microsoft will join Markus Noga, GM Linux, SUSE at the Business Critical Linux keynote session to highlight how our partnership powers SAP workloads in critical business functions such as finance, supply chain, procurement, and enhances customer experience. Downtime caused by infrastructure outages can result in business disruption and lost revenue. A few areas where joint development is currently in progress include:

High availability with SUSE pacemaker cluster for SAP HANA workloads.
Automated resource migration when infrastructure fails.
Automation of deployment for SAP HANA workloads and Operating System configuration including High Availability.
Monitoring of high availability (HA) setup with Azure monitor for SAP Solutions.
Identifying common configuration errors through customer engagements
Live patching, balanced uptime, and security needs

In addition to the Cornerstone Keynote discussion, the Microsoft team will deliver six breakout sessions, covering topics such as Azure high-performance computing software platform, SLES for SAP applications, Azure Hybrid Benefit, SQL server, automotive software development, and more. We will focus on best practices for SQL Server SLES-based Azure Virtual Machines. Many of our customers are now deploying SQL Server containers as part of their data estate modernization strategy; the sessions will cover how Rancher can be used to deploy SQL Server containers and manage production workloads.

Migrating mission-critical SAP workloads can be complex for enterprises. Microsoft’s open source SAP Deployment Automation Framework can help customers deploy infrastructure using Terraform (infrastructure as code) and install SAP using Ansible (configuration as code). SUSE has been a co-development partner with Microsoft in developing this open source framework. This framework enables the accelerated deployment of SAP and is aligned with reference architecture and best practices. We are excited to continue our partnership with SUSE as we explore synergies within SAP operations (and beyond) to see an increasing number of customers and partners leveraging our framework.

Learn more about the latest updates

Join us at SUSECON Digital 2022 to learn more and bring your questions to our experts. Learn more about deploying secure, reliable, flexible hybrid cloud environments using SUSE solutions on Azure.
Explore how Azure Hybrid Benefit extends SLES workloads on Azure removing migration friction with integrated support provided by Microsoft.

Resources

Learn how Azure Monitor for SAP Solutions monitors products for customers.
Read more about SQL Server on Virtual Machines and how to migrate to the cloud.
Discover how to use SUSE SAP automation solution on Azure.

Quelle: Azure

Top 5 reasons to attend Azure Hybrid, Multicloud, and Edge Day

Infrastructure and app development are becoming more complex as organizations span a combination of on-premises, cloud, and edge environments. Such complexities arise when:

Organizations want to maximize their existing on-premises investments like traditional apps and datacenters.
Workloads can’t be moved to public clouds due to regulatory or data sovereignty requirements.
Low latency is required, especially for edge workloads.
Organizations need innovative ways to transform their data insights into new products and services.

Operating across disparate environments presents management and security complexities. But comprehensive hybrid solutions can not only address these complexities but also offer new opportunities for innovation. For example, organizations can innovate anywhere across hybrid, multicloud, and edge environments by bringing Azure security and cloud-native services to those environments with a solution like Azure Arc.

That’s why we’re excited to present Azure Hybrid, Multicloud, and Edge Day—your chance to see how to innovate anywhere with Azure Arc. Join us at this free digital event on Wednesday, June 15, 2022, from 9:00 AM‒10:30 AM Pacific Time.

Here are five reasons to attend Azure Hybrid, Multicloud, and Edge Day:

Hear real-world success stories, tips, and best practices from customers using Azure Arc. IT leaders from current customers will share how they use Azure Arc to enable IT, database, and developer teams to deliver value to their users faster, quickly mine business data for deeper insights, modernize existing on-premises apps, and easily keep environments and systems up to date.
Be among the first to hear Microsoft product experts present innovations, news, and announcements for Azure Arc. Get the latest updates on the most comprehensive portfolio of hybrid solutions available.
See hybrid solutions in action. Watch demos and technical deep dives—led by Microsoft engineers—on hybrid and multicloud solutions, including Azure Arc and Azure Stack HCI. You’ll also hear product leaders present demos on Azure Arc–enabled SQL Managed Instance, Business Critical—a service tier that just recently became generally available. Business Critical is built for mission-critical workloads that require the most demanding performance, high availability, and security.
Get answers to your questions. Use the live Q&A chat to ask your questions and get insights on your specific scenario from Microsoft product experts and engineers.
Discover new skill-building opportunities. Learn how you can expand your hybrid and multicloud skillset with the latest trainings and certifications from Microsoft, including the Windows Server Hybrid Administrator Associate certification.

And here’s a first look at one of the Azure customers sharing their perspective at this digital event: Greggs

A United Kingdom favorite for breakfast, lunch, and coffee on the go, Greggs has been modernizing their 80-year-old business through digital transformation. When they needed to consolidate their sprawl between their on-premises server estate and their virtual machines, their IT team turned to Azure Arc.

“One of the advantages of Arc was that we could use one strategy across both on-premises and off-premises architecture,” says Scott Clennell, Head of Infrastructure and Networks at Greggs. “We deployed Azure Arc on our on-premises architecture, then throughout the rest of the infrastructure very rapidly—a matter of a couple of weeks.”

Not only has Azure Arc helped the IT team manage their digital estate better—it’s transformed their team culture. By uniting their entire IT team around Azure Arc, they can work better with their developers using common systems and collaboration tools.

Hear from Greggs and more featured customers at Azure Hybrid, Multicloud, and Edge Day. We hope you can attend!

Azure Hybrid, Multicloud, and Edge Day

June 15, 2022
9:00 AM‒10:30 AM Pacific Time

Delivered in partnership with Intel.

Quelle: Azure