Azure Cost Management and Billing updates – March 2022

Whether you're a new student, a thriving startup, or the largest enterprise, you have financial constraints, and you need to know what you're spending, where, and how to plan for the future. Nobody wants a surprise when it comes to the bill, and this is where Azure Cost Management and Billing comes in.

We're always looking for ways to learn more about your challenges and how Azure Cost Management and Billing can help you better understand where you're accruing costs in the cloud, identify and prevent bad spending patterns, and optimize costs to empower you to do more with less. Here are a few of the latest improvements and updates based on your feedback:

Manage your Enterprise Agreement billing account in the Azure portal
What's new in Cost Management Labs
New ways to save money with Azure
Documentation updates
Join the Azure Cost Management and Billing team

Let's dig into the details.

 

Manage your Enterprise Agreement billing account in the Azure portal

If you manage an Enterprise Agreement (EA) billing account, you’re familiar with the EA portal where you can manage the account hierarchy, view credit balance, and view cost for each department, account, and subscription. This has been a great foundation, but did you know there are even more tools that can help you better monitor, manage, and optimize costs within the Azure portal?

When it comes to managing your billing account (enrollment), you have all the same EA tools available from Cost Management and Billing in the Azure portal:

Seamlessly create and manage the enrollment hierarchy.
Manage access to departments, accounts, and subscriptions.
View properties and manage policies, like the ability to view charges and purchase reservations.
View notification contacts for enrollment emails.

Looking beyond account management, you’ll start to see new tools to help you monitor and manage costs:

View and track Microsoft Azure Consumption Commitment (MACC) balance.
View and download invoices.
View and download consolidated usage and charges, including options for amortized reservation charges.
Analyze and drill into your costs in the portal or schedule automated exports.
Split shared costs to drive more visibility and accountability throughout the organization with cost allocation.
Configure budgets to get alerted before costs exceed predefined thresholds.

With these updates, managing your EA billing account from the Azure portal is now generally available for direct EA enrollments. Learn more and let us know what you’d like to see next.

 

What's new in Cost Management Labs

With Cost Management Labs, you get a sneak peek at what's coming in Azure Cost Management and can engage directly with us to share feedback and help us better understand how you use the service, so we can deliver more tuned and optimized experiences. Here are a few features you can see in Cost Management Labs:

Update: Total cost in the cost analysis preview—now available in the public portal
See your total cost at the top of the cost analysis preview. You can opt in using Try Preview or by using the cost analysis preview in Cost Management Labs.
New: Access preview views from classic cost analysis
Get one-click access to the new preview views from classic cost analysis in the View menu. You can see this in classic cost analysis in Cost Management Labs.
New: Anomaly detection alerts
Subscribe to automatic email alerts when a new anomaly has been detected. Anomaly detection is only available for subscriptions in the cost analysis preview. You can opt into this preview using Try Preview and then configure anomaly alerts from the Alerts page.
Grouping SQL databases and elastic pools
Get an at-a-glance view of your total SQL costs by grouping SQL databases and elastic pools under their parent server in the cost analysis preview. You can opt in using Try Preview.
Average cost in the cost analysis preview
See your average daily cost at the top of the cost analysis preview. You can opt in using Try Preview.
Charts in the cost analysis preview
View your daily or monthly cost over time in the cost analysis preview. You can opt in using Try Preview.
Budgets in the cost analysis preview
Quickly create and edit budgets directly from the cost analysis preview. If you don’t have a budget yet, you’ll see a suggested budget based on your forecast. You can opt in using Try Preview.
View cost for your resources
The cost for your resources is one click away from the resource overview in the preview portal. Just click View cost to quickly jump to the cost of that particular resource.
Change scope from the menu
Change scope from the menu for quicker navigation. You can opt in using Try Preview.

Of course, that's not all. Every change in Azure Cost Management is available in Cost Management Labs a week before it's in the full Azure portal. We're eager to hear your thoughts and understand what you'd like to see next. What are you waiting for? Try Cost Management Labs today.

 

New ways to save money with Azure

Lots of cost optimization improvements over the last month! Here are new and updated offers you might be interested in:

General availability: Automatically delete a VM and its associated resources simultaneously.
Generally available: Virtual Machine level disk bursting supports M-series, Msv2-series Medium Memory, and Mdsv2-series Medium Memory VM families.
General availability: Best practices assessment for SQL virtual machines.
General availability: Azure Database for MySQL Flexible Server now available in US Gov Virginia and China East 2 and China North 2.
General availability: Azure Database for PostgreSQL Flexible Server now available in US Gov Virginia and US Gov Arizona.
General availability: Azure NetApp Files is now available in Australia Central 2 with support for cross-region replication.
Preview: On-demand capacity reservations for Azure Site Recovery.
Preview: Azure Hybrid Benefit for Linux Bring Your Own Subscription.
Preview: SKU recommendation in Azure SQL Migration extension for Azure Data Studio.

 

Documentation updates

Here are a few documentation updates you might be interested in:

Learn about built-in views available in cost analysis.
Documented common questions about the UsageDetails API.
Increased the subscription limit from 2000 to 5000 subscriptions per EA enrollment account.
Updated subscription transfer articles for newly supported transfer scenarios, including reservations getting automatically transferred.

Want to keep an eye on all of the documentation updates? Check out the Cost Management and Billing documentation change history in the azure-docs repository on GitHub. If you see something missing, select Edit at the top of the document and submit a quick pull request.

 

Join the Azure Cost Management and Billing team

Are you excited about helping customers and partners better manage and optimize costs? We're looking for passionate, dedicated, and exceptional people to help build best in class cloud platforms and experiences to enable exactly that. If you have experience with big data infrastructure, reliable and scalable APIs, or rich and engaging user experiences, you'll find no better challenge than serving every Microsoft customer and partner in one of the most critical areas for driving cloud success.


Join our team.

What's next?

These are just a few of the big updates from last month. Don't forget to check out the previous Azure Cost Management and Billing updates. We're always listening and making constant improvements based on your feedback, so please keep the feedback coming.

Follow @AzureCostMgmt on Twitter and subscribe to the YouTube channel for updates, tips, and tricks. You can also share ideas and vote up others in the Cost Management feedback forum or join the research panel to participate in a future study and help shape the future of Azure Cost Management and Billing.

We know these are trying times for everyone. Best wishes from the Azure Cost Management and Billing team. Stay safe and stay healthy.
Source: Azure

Introducing the new Azure Front Door: Reimagined for modern apps and content

This blog has been co-authored by Jessie Jia, Senior Program Manager, Azure Networking and Gunjan Jain, Principal Program Manager, Azure Networking.

In 2019, we launched Azure Front Door to bring enterprise-grade content delivery network (CDN) capabilities to our customers. This was a result of our own cloud journey over the past 13 years, which led us to develop unique infrastructure and services hardened by support for Microsoft’s largest applications like Bing, Microsoft 365, LinkedIn, Skype, and Azure. Read about LinkedIn’s experience [1] migrating their own infrastructure to Azure Front Door.

Since then, a lot has changed for you and your customers. The acceleration of digital transformation to adapt to new ways of doing business, hybrid working models, and increasing security costs has driven the demand for a new type of cloud CDN that can address these modern challenges and simplify internet-first architectures in the cloud.

Today, we are announcing the general availability of the new Azure Front Door, our native, modern cloud content delivery network (CDN) catering to both dynamic and static content acceleration with built-in turnkey security, and a simple and predictable pricing model. There are two Azure Front Door tiers—Azure Front Door Standard and Premium—that provide a unified, secure solution for delivering your applications, APIs, and content on Azure or anywhere.

Azure Front Door: The modern enterprise CDN

Every company is now a technology company challenged with managing a rapidly growing digital footprint, dispersed workforce, and evolving security threats. As a result, enterprises are looking for solutions that help meet the rising demands for better scalability, more security, higher performance, greater automation, and easier manageability—with reduced costs.

Whether you’re delivering content and files or building global apps and APIs, Azure Front Door can help you deliver higher availability, lower latency, better scale, and more secure experiences to your users wherever they are. Azure Front Door also enables you to define, manage, and monitor the global routing for your app.

Dynamic and static content acceleration with intelligent security

With the addition of Azure Front Door Standard and Premium, two new tiers that combine the capabilities of Azure Front Door (classic) and Azure CDN from Microsoft (classic) with Azure Web Application Firewall (WAF) attached, Azure Front Door is now a unified, modern cloud CDN platform with intelligent threat protection and a simple-to-understand pricing model, built on Microsoft’s massive-scale private global network.

Azure Front Door now also provides a rich set of advanced capabilities that enhance the DevOps experience, security posture, and cost-effectiveness for enterprise customers migrating and/or deploying high-performance, scalable, and secure applications on Azure or anywhere.

The key benefits you can get from Azure Front Door include:

Modern architecture

Build and operate dynamic, high-quality digital experiences with highly automated, secure, and reliable platforms.

Deeply integrated experiences with other Azure applications and services such as domain name system (DNS) and Web Apps to improve manageability and speed up deployment. We now offer DNS TXT record-based validation to simplify and reduce delays around custom domain validation.
Improved automation and simplified provisioning with cloud-native and DevOps friendly command line tools. For example, you can now provision custom domains along with other resources in one deployment and validate the domain ownership afterward or use the new Quick Create option in the portal to dramatically reduce deployment and configuration steps.
Enhanced analytics capabilities such as access logs, health probe logs, additional metrics, and pre-built traffic and security reports for more effective monitoring, troubleshooting, and debugging.
Expanded rules at the edge with enhanced rules engine capabilities adding regular expressions and server variables that let you move more of your business logic to the edge and create more complex and dynamic routing between your users and backends.

Fast global delivery

Deploy your apps and content at scale to your users wherever they are—creating opportunities for you to compete, weather change, and quickly adapt to new demand and markets. 

A truly global network built by Microsoft with hundreds of edge locations connected to Azure via a private WAN that can improve latency for apps by up to three times and provides enterprise-grade reliability and massive scalability to deliver low latency and high throughput for consistent application experiences.
Unified static and dynamic delivery is offered in a single service to accelerate and scale your application and with real-time routing to develop high-availability experiences for applications hosted in Azure or anywhere.
A simplified cost model that reduces billing complexity by having fewer meters customers need to plan for and integrated egress (data transfer outbound) pricing that removes the separate egress charge from Azure regions to Azure Front Door. Please refer to the Azure Front Door pricing page for more details.

Intelligent security

Protect your digital estate against known and new threats with intelligent security that embraces a Zero Trust framework.

Best-of-breed security services seamlessly attached such as built-in layer 3-4 DDoS protection, Web Application Firewall, Azure DNS to protect your domains, and Azure Private Link.
WAF enhancements offer powerful yet cost-effective protection from common attacks and bots and are customizable to application-specific detections. Azure Front Door Premium includes Azure Web Application Firewall at no additional cost and provides enhanced capabilities. Azure WAF is also releasing a new DRS 2.0 RuleSet, offering reduced false positives and anomaly scoring-based detection. Bot manager, now generally available, provides an additional layer of bot detection based on Microsoft Threat Intelligence.
Azure Private Link support on Azure Front Door Premium with availability in all Azure regions with availability zones, enabling your application to extend all the way out to the edge with private access from Azure Front Door to your backends in Azure.

Azure Front Door (classic) and Azure CDN from Microsoft (classic)

The existing Azure Front Door and Azure CDN from Microsoft will now be known as Azure Front Door (classic) and Azure CDN from Microsoft (classic) moving forward. Azure Front Door (classic), as well as Azure CDN from Microsoft (classic), will continue to be fully supported and you can continue to use them. However, we encourage you to take advantage of Azure Front Door Standard and Premium as the latest capabilities and future enhancements will not be available on Azure Front Door (classic).

Over the coming months, we will be launching zero downtime migrations from Azure Front Door (classic) and Azure CDN from Microsoft (classic) to Azure Front Door Standard and Premium. Please stay tuned for more updates. If you are new to Azure Front Door, you can easily launch Azure Front Door Standard and Premium in the Azure portal or using our API.

Get started

Get started with the new Azure Front Door today! To learn more about the service and various features, refer to the Azure Front Door documentation. If you are interested in exploring capabilities beyond the standard offering, simply file a feature request on our Networking Community Page or feel free to contact us at afdfeedback@microsoft.com.

[1] Accelerating the LinkedIn Experience with Azure Front Door.

RISE with SAP on the Microsoft Cloud: A year in review

Today, we are announcing that Microsoft and SAP are advancing our partnership by deepening our commitment to each other’s platform. Microsoft will be the first public cloud provider to adopt the RISE with SAP solution internally to transform some of its large SAP ERP deployments. This takes place on the one-year anniversary of our partnership with SAP to offer the Microsoft Cloud as one of the infrastructure options for the RISE with SAP solution. This move deepens an already strong partnership and will allow Microsoft to accelerate our own SAP S/4HANA® modernization while enabling us to develop greater expertise and best practices to better serve our customers.

As part of its transformative journey and to gain operational efficiencies, SAP will optimize its IT operations for some critical internal business systems using the RISE with SAP operations model on Microsoft Azure. Customers and partners have experienced early success in accelerating their business transformation and simplifying their path to the intelligent enterprise. For example:

The National Basketball Association (NBA) chose to migrate its SAP® solutions and other IT resources to Microsoft Azure and leverage the RISE with SAP offering to facilitate its ongoing cloud evolution. The NBA has gained flexibility, scalability, and access to a wide range of data and AI services in Azure that will help the league deliver best-in-class fan engagement through data consolidation and reduced IT management overhead. “The RISE with SAP bundle is really strategic for the NBA,” says Puneet Toteja, Senior Director at NBA.

“With the built-in AI, data warehouse, and personalization capabilities of Azure, we can generate fan-centric experiences that bring together business, game, and fan data to enhance the ways people can enjoy interacting with the NBA,” remarks Sahil Gupta, Senior Vice President and Head of Application Development at NBA.

Fressnapf, the leading pet product retailer in Europe, has gained greater flexibility, scalability, and reliability using the RISE with SAP solution on Azure, which brings together the best-of-breeds: SAP as its central business platform and Azure as its scalable infrastructure platform.

“Microsoft always gave us open and honest advice and we could tell—they are in for the long game! We have chosen the partner closest to our heart,” says Benjamin Beinroth, CIO at Fressnapf.

Footwear, apparel, and accessories marketer and retailer Wolverine Worldwide made a commitment to migrate its data centers to Microsoft Azure in parallel with an upgrade to the RISE with SAP solution hosted on Azure. Wolverine Worldwide is moving to the cloud to support growth, improve agility, enhance employee experience, and improve speed to market.

Not only do customers prefer the Microsoft Cloud for their RISE with SAP solution implementation, but our ecosystem partners do as well. Atos, a global leader in digital transformation with 105,000 employees worldwide, has chosen Microsoft Cloud for its RISE with SAP solution implementation.

“We chose Azure to increase flexibility and scalability, with a system that we can adjust as required.  In addition, we have easier interoperation with the services on offer, like Teams and Power BI, and technologies like AI, machine learning, and chatbots,” explains Frédéric Aubrière, Group CIO at Atos.

Customers and partners choose Microsoft Cloud for their SAP solutions because of the ease of integration, breadth of advanced services and innovation, and the highest level of security and compliance. Microsoft offers the broadest set of connectors and APIs to enable quick integration into SAP solutions—whether improving productivity by integrating SAP applications and Microsoft Teams or enhancing data analytics with Power BI and SAP Analytics Cloud solution or automating and integrating SAP apps with other cloud data. These comprehensive services, tools, and capabilities have accelerated our customers’ and partners’ business transformation.

SAP and Microsoft: Integrate and co-innovate

We constantly strive to improve the user experience, simplify the automation and integration of SAP S/4HANA on the Microsoft Cloud, and accelerate customers’ business transformation. This partnership puts both SAP and Microsoft in a strong position to continue driving the best outcomes for customers with solutions from SAP in the public cloud.

We’re achieving this by focusing on addressing the needs of various SAP users:

SAP Business User

Microsoft Teams has become one of the most used applications on desktops and mobile apps for collaboration and communication. We have come a long way since we announced the expanded partnership between SAP and Microsoft to integrate Microsoft Teams across SAP solutions. This has enabled more scenarios, including SAP Business ByDesign, SAP Sales Cloud, and SAP SuccessFactors solutions, among others. Check out how Doosan created the Delightful Digital Workplace for its employees and how you can benefit from the integration of SAP SuccessFactors solutions and Microsoft Viva.

Developers

The innovation for SAP developers includes improvements in SAP Business Technology Platform (SAP BTP) to increase availability and accelerate the development of SAP extensions. As part of our global expansion plan, we launched support in the Australia East region last year, making SAP BTP on Azure available in six regions, with more to be added in the coming months. We continue to add access to new security features in the cloud. SAP BTP now supports Azure Private Link, offering excellent private network connectivity between applications running on SAP BTP, Azure native services, and resources running in our customer’s subscription.

To architect for scalable and robust enterprise applications in the cloud, event-driven architectures are the strategic path forward. We are happy to announce the upcoming integration between the SAP Event Mesh capability and Azure Event Grid. This collaboration will greatly facilitate the integration of event-based architectures between Microsoft’s and SAP’s technology stacks. This bidirectional integration will enable scenarios such as Azure Logic App to be triggered by an event in SAP S/4HANA or an SAP software workflow triggered by an event in the Azure platform. This is further enhanced by improved integration of SAP Cloud Identity Services and Azure Active Directory, allowing for easier identity flows.

We will continue to build and share joint SAP and Microsoft reference architectures so customers can access best practices and guidance on how to deploy our new capabilities.

Administrators

The SAP Cloud Appliance Library tool has been a way to accelerate the creation of test and development systems for customers starting their journey to the cloud with SAP S/4HANA. Setting up production quality installations of SAP S/4HANA and implementing best practices to achieve performance, security, and cost optimization may still be challenging. Thanks to the partnership between SAP and Microsoft, it is now possible for customers to deploy production systems with SAP Cloud Appliance Library on Microsoft Azure. This functionality for production systems is currently only available in Azure and is a major productivity gain. With SAP Cloud Appliance Library, administrators can use a wizard with a simple UI flow to deploy an SAP and Microsoft approved SAP S/4HANA landscape that is based on customer-specific software stack definitions (via Maintenance Planner), SAP instance sizing, and high-availability options. Moreover, it benefits not only greenfield implementations: in combination with the new “DMO to Azure” tool, it also supports the conversion from on-premises SAP ERP to SAP S/4HANA Cloud on Microsoft Azure.

Lastly, customers can further enhance productivity by integrating SAP applications with Azure native services. The recently launched Azure Blob Storage Connector for the SAP Information Lifecycle Management service is a great example of how we facilitate life-cycle management using Azure’s scalability, security, and cost benefits.

Respecting the customer’s choice

Microsoft understands that every customer is different. Each one has their own set of requirements and priorities, and when it comes to their SAP systems, there is no one-size-fits-all solution. The RISE with SAP solution offers the choice of Azure infrastructure, allowing customers to take the best path for their business. We are thankful for our deep, 25-year-long relationship with SAP and look forward to delivering more joint innovation to our customers.

5 reasons to attend the Modernize and Migrate with Hybrid Cloud Flexibility digital event

Are you looking to modernize your applications and data and migrate your workloads to the cloud? To provide you insights and guidance directly from Azure customers, experts, and engineers, we will be hosting the Modernize and Migrate with Hybrid Cloud Flexibility digital event on Wednesday, April 13, 2022, from 9:00 AM to 11:00 AM Pacific Time.

Here are five reasons to attend the Modernize and Migrate with Hybrid Cloud Flexibility digital event.

Hear best practices and real-life modernization and migration success stories from Azure customers and FastTrack for Azure engineers
This event will showcase Azure customers like GE, Volkswagen Financial Services, Leeds Teaching Hospitals NHS Trust, and Azure Migration and Modernization Program customers like Jotun, and Planzer. These customers will share why and how they modernized and migrated to Azure. You will also hear real-life best practices from FastTrack for Azure engineers.
Join exclusive sessions on apps, data, and infrastructure modernization and migration scenarios
This event will include technical sessions providing guidance from Azure experts like Jeff Hollan, Jeff Woolsey, and Bob Ward on how to modernize .NET and Java applications, SQL databases, and all kinds of workloads to Azure. You will also get to learn about Azure Migrate, the central hub for migration and modernization tools, and hear about its latest updates.
Discover hybrid cloud solutions to help you modernize and migrate at your own pace
We understand that you might not be ready to move all workloads to the cloud yet and you need a consistent way of managing workloads across on-premises, multi-cloud, and edge. In this event, you will discover how Azure Arc enables you to secure and govern infrastructure and apps anywhere, build cloud-native apps faster with familiar tools and services to run them on any Kubernetes platform, and modernize your data estate with Azure data services.
Get hands-on experience with deep-dive demos, workshops, and cloud skills challenges
In addition to the sessions, you can boost your hands-on experience with multiple deep-dive demos, three interactive workshops, and three cloud skills challenges. Each of these is specifically built for apps, data, and infrastructure modernization scenarios and gives you a hands-on in-depth experience of each scenario.
Enroll in a chance to win Surface Headphones, Surface Earbuds, or a Bose SoundLink Micro speaker
Once you register for this free event, you can earn points by participating in different activities like watching the event for more than 90 minutes and viewing resources like workshops and cloud skills challenges. Once you earn 400 points, you will automatically enter a chance to win prizes like Microsoft Surface Headphones, Microsoft Surface Earbuds, and Bose Soundlink Micro Bluetooth Speakers. Check out the detailed sweepstake rules.

Register today for the Modernize and Migrate with Hybrid Cloud Flexibility digital event

Modernize and Migrate with Hybrid Cloud Flexibility digital event
Wednesday, April 13, 2022
9:00 AM to 11:00 AM Pacific Time


Manage port forwarding for backend pool with Azure Load Balancer

Starting today, Azure Load Balancer enables customers to manage port forwarding for Virtual Machine Scale Sets or a group of virtual machines in a backend pool with a single set-up with minimum management overhead.

What is port forwarding?

Port forwarding lets you connect to specific virtual machines by using the Load Balancer frontend IP address and port number. Load Balancer, upon receiving the traffic on a certain frontend port, will forward traffic to the target virtual machine on a specific backend port.

By employing an inbound NAT rule, you can access virtual machines in a virtual network through the IP address and port of the Load Balancer.

Inbound NAT rule or load balancing rule?

In a nutshell, an inbound NAT rule is used for traffic forwarding by mapping each virtual machine to a frontend port of the Load Balancer for access. All traffic arriving at the specified frontend port of the Load Balancer will be directly forwarded to a single targeted virtual machine. Therefore, traffic is not load balanced in this case. Inbound NAT rules are useful when you want to forward traffic directly to a specific virtual machine and port combination. Load balancing rules, by contrast, are used to distribute traffic coming to a specific frontend of the Load Balancer across all virtual machines in the backend pool.

Figure 1: Inbound NAT rule for single machine.

Figure 2: Load Balancing rule.

You can have both load balancing rules and inbound NAT rules on the same Load Balancer. For example, a load balancing rule can be set up for the specific backend pool from frontend port 80 to backend port 80, so that incoming traffic can be distributed across the virtual machines in the backend pool. At the same time, you can also set up an inbound NAT rule for each virtual machine on backend port 443 so that you can use Remote Desktop Protocol (RDP) to access each virtual machine for management purposes.

Figure 3: Use both inbound NAT rule and load balancing rule on a backend pool.

What are the customer challenges that we aim to solve?

Inbound NAT rules for individual target machine

When you have a large backend pool with frequent scaling up and down, this approach will create unnecessary overhead. An inbound NAT rule needs to be deleted before the target virtual machine can be taken out of the backend pool. Similarly, whenever scaling up occurs, a new inbound NAT rule for the new virtual machine needs to be created to complete the port forwarding set-up.

Inbound NAT pool

Inbound NAT pool is useful when the backend pool is composed of Virtual Machine Scale Sets. However, this approach is not viable when your backend pool is composed of a group of virtual machines.

Set up inbound NAT rule for backend pool

Based on the frontend port range start and the maximum number of machines in the backend pool defined for an inbound NAT rule, Load Balancer will pre-allocate a range of frontend ports starting from the frontend port range start. The range end is calculated by adding the maximum number of machines in the backend pool to the frontend port range start, to ensure that there are enough frontend ports in the event of scaling up.

Figure 4: Add inbound NAT rule.

In this example, Load Balancer will pre-allocate 1000 frontend ports starting from port 500. In this case, the backend pool can scale up to 1000 machines without requiring extra management from the customer.

Figure 5: Inbound NAT rule for backend pool.

Port mapping for individual machines

Once the inbound NAT rule is created, Load Balancer will assign the frontend port to each virtual machine in the backend pool. Port mappings of existing machines will not change in the event of scaling up or down. In this example, to access centralus-vm1 on port 443, you can use https://40.89.253.167:502.

Figure 6: Port mapping for individual machines.
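Because every pre-allocated frontend port forwards straight to one machine's backend port, it helps to audit the range and the observed mappings. The following is an added example, not code from the original post or from Azure tooling: the class, field names, rule name and the vm2/vm3 mappings are constructed, and the range is modelled as exactly "maximum number of machines" ports beginning at the range start, which is an assumption about how the range end is counted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class InboundNatRule:
    """Inbound NAT rule for a backend pool (field names are hypothetical)."""
    name: str
    protocol: str
    frontend_port_range_start: int
    max_machines: int
    backend_port: int

    def frontend_ports(self) -> range:
        # Assumption: exactly max_machines ports are reserved, start included.
        start = self.frontend_port_range_start
        return range(start, start + self.max_machines)


def validate_rule(rule, lb_rule_ports):
    """Check the pre-allocated range itself.

    lb_rule_ports: set of (protocol, frontend_port) pairs already used by
    load balancing rules on the same frontend IP.
    """
    if rule.max_machines < 1:
        return [f"{rule.name}: max_machines must be at least 1"]
    findings = []
    ports = rule.frontend_ports()
    if ports[0] < 1 or ports[-1] > 65535:
        findings.append(
            f"{rule.name}: range {ports[0]}-{ports[-1]} leaves 1-65535")
    clashes = sorted(p for proto, p in lb_rule_ports
                     if proto == rule.protocol and p in ports)
    for port in clashes:
        findings.append(
            f"{rule.name}: frontend port {port} is also used by a "
            "load balancing rule")
    return findings


def audit_mappings(rule, before, after):
    """Compare two snapshots of {vm_name: frontend_port}.

    Flags ports outside the pre-allocated range, two machines sharing a
    port, and existing machines whose port changed between snapshots
    (the post states mappings stay fixed when the pool scales).
    """
    findings = []
    ports = rule.frontend_ports()
    owner = {}
    for vm, port in sorted(after.items()):
        if port not in ports:
            findings.append(f"{vm}: port {port} is outside "
                            f"{ports[0]}-{ports[-1]}")
        if port in owner:
            findings.append(f"{vm}: port {port} already maps to {owner[port]}")
        owner.setdefault(port, vm)
        if vm in before and before[vm] != port:
            findings.append(f"{vm}: mapping changed {before[vm]} -> {port}")
    if len(after) > rule.max_machines:
        findings.append(f"{rule.name}: {len(after)} machines exceed "
                        f"max_machines={rule.max_machines}")
    return findings


# Values from the post: start 500, 1000 machines, backend port 443,
# a load balancing rule on frontend port 80, centralus-vm1 on port 502.
RULE = InboundNatRule("nat-443", "Tcp", 500, 1000, 443)
LB_RULE_PORTS = {("Tcp", 80)}

# Constructed snapshots: vm2 and vm3 ports are sample values.
BEFORE = {"centralus-vm1": 502, "centralus-vm2": 503}
AFTER_SCALE_UP = {"centralus-vm1": 502, "centralus-vm2": 503,
                  "centralus-vm3": 504}
DRIFTED = {"centralus-vm1": 1502, "centralus-vm2": 503}

if __name__ == "__main__":
    ports = RULE.frontend_ports()
    print(f"Reserved frontend ports: {ports[0]}-{ports[-1]} -> "
          f"backend port {RULE.backend_port}")
    for finding in (validate_rule(RULE, LB_RULE_PORTS)
                    + audit_mappings(RULE, BEFORE, AFTER_SCALE_UP)
                    + audit_mappings(RULE, BEFORE, DRIFTED)):
        print("FINDING:", finding)
```

The reserved range is also the set of ports that network filtering in front of the Load Balancer has to account for, whether or not a machine is currently assigned to each one.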

Learn more

What are inbound NAT rules?
Tutorial: Create a multiple virtual machines inbound NAT rule using the Azure portal
Product details: Azure Load Balancer


Cloud migration for medical imaging data using Azure Health Data Services and IMS

This blog post is co-authored by Vittorio Accomazzi, Chief Technical Officer (CTO) at IMS.

This blog is part of a series in collaboration with our partners and customers leveraging the newly announced Azure Health Data Services. Azure Health Data Services, a platform as a service (PaaS) offering designed to support Protected Health Information (PHI) in the cloud, is a new way of working with unified data—providing care teams with a platform to support both transactional and analytical workloads from the same data store and enabling cloud computing to transform how we develop and deliver AI across the healthcare ecosystem.

The first implementation of digital imaging techniques in clinical use started in the 1970s. Since then, the medical imaging industry has grown exponentially—over the last two and a half decades, there has been a significant development in image acquisition solutions, which has boosted image quality and adoption in different clinical applications. Healthcare is projected to deliver the greatest industry-specific CAGR of 36 percent out to 2025 (Global healthcare data is forecasted to reach 2.3 zettabytes* in this coming year alone) and medical imaging data represents approximately 80 – 90 percent of that growth [1].

While the amount of data generated by the medical imaging industry has continued to grow, the solutions for storing and handling this data remain archaic and on-premises due to limited products with insufficient computing power, storage size, and continuously outdated hardware. In addition, the lack of interoperability of these on-premises systems with other types of clinical data solutions and increasing workloads within imaging departments resulted in a big struggle to achieve predictive diagnosis and improved outcomes for patients. Bringing health data into the cloud has been met with challenges ranging from concerns about the security and privacy of the data to a lack of understanding of the opportunities it opens.

For the most part, interoperability in the health industry has also been limited and focused on clinical data. However, other types of health data such as imaging, IoT, and unstructured data also play a critical role in getting a full view of the patient, thereby contributing to better patient diagnosis and care.

This is why Microsoft has released Azure Health Data Services, which aims to support combining clinical, imaging, and MedTech data in the cloud using global interoperability standards like Fast Healthcare Interoperability Resources (FHIR®) and Digital Information Communication in Medicine (DICOM). The DICOM service within Azure Health Data Services allows standards-based communication with any DICOMweb™ enabled systems such as medical imaging systems, vendor-neutral archives (VNAs), picture archiving and communication systems (PACS), etc. The goal is to fully leverage the power of the cloud infrastructures for medical images, creating a service that is fast, highly reliable, scalable, and designed for security.

Within the DICOM service, QIDO, WADO, and STOW protocols support query, retrieve, and storage of DICOM objects, while custom tags allow for user-defined, searchable tags. You can also use DICOMcast as a single source to query for cross-domain scenarios. The DICOMcast injects DICOM metadata into the FHIR service, or FHIR server, allowing a single source of truth for both clinical data and imaging metadata.

Once imaging data is persisted in the cloud, there is also a need for seamless integration of workloads into the cloud with minimum disruption and without extra investment in devices and software, so that customers currently relying on DICOM DIMSE can smoothly adopt cloud-based imaging storage and solutions powered by our DICOM service.

IMS collaborated with Microsoft, leveraging its cloud technologies, to provide a solution for this challenge: a powerful tool that migrates medical imaging data from legacy workstations to the cloud using Azure Health Data Services. IMS selected Microsoft Azure because it has the most comprehensive offering and active road map to support the transition of healthcare to the cloud.

Using CloudSync as a synchronization tool

It was apparent from the beginning that creating a simple protocol converter or gateway to push images from on-premises to the cloud was not an optimal solution, since the data would flow only in one direction (from a healthcare organization to the cloud for storage, archival, or advanced analytics). With that, the institution would be missing most of the benefits, such as calling back the image set into the existing on-premises viewer after performing annotations, running cloud-enabled AI models, or advanced analytics. On the other hand, having access to prior imaging studies of the patients during the current visit also plays a vital role in validating abnormal conditions over time for better clinical outcomes.

To bridge this gap, IMS designed and developed CloudSync, which is a software-only DICOM device that actively synchronizes the on-premises archive (or multiple archives) with an Azure DICOMweb endpoint. CloudSync allows the data to flow both ways and furthermore allows the implementation of business logic for the proactive staging of patient historical imaging data for immediate access, thereby reducing the latency experienced by the user.

This synchronization allows integration of organizations’ existing on-prem solutions with Azure Health Data Services and machine learning environments so that they can store, archive, and slice and dice their data for superior cohort management. With the possibility to conveniently connect to Microsoft Power BI and Azure Synapse Analytics through Azure Health Data Services, institutions can curate their datasets, develop and deploy models, monitor their performance, perform advanced analytics on Azure Machine Learning Pipeline, and push results back into their clinical workflow.

Key features of CloudSync include:

Synchronize medical DICOM images from on-premises archives to the cloud using Azure Health Data Services: Enable collaboration among multiple on-prem devices by connecting all of them in one point for ease of access by everyone.
Eliminate network latency while fetching medical imaging data: Proactively push prior medical images of the patient from the cloud to the on-prem devices based on the patient’s schedule and have them ready during the patient’s visit.
Migrate imaging data from legacy workstations to the cloud: Enable seamless and effortless integration of on-premises imaging workstations with the cloud.

CloudVue: A one-stop-shop for medical image viewing

To fully leverage the power of Azure, IMS also provides a zero-footprint diagnostic viewer called CloudVue. CloudVue allows users to safely review the data stored in the Azure DICOMweb archive on any device making it possible to access imaging data from anywhere. On top of the standard security mechanisms, CloudVue also encrypts the data during transmission.

In addition to providing the standard viewing features and tools of a web viewer, CloudVue also provides:

Organizations with the ability to grant granular secure access to specific medical imaging data for distribution such as authorizing users to access specific studies in the archive, and not the entire repository. Therefore, the organization can safely grant access to referring physicians and even patients.
The ability to deliver and improve AI workloads on Azure: CloudVue can store and handle data originating from AI predictions and track user behavior at the same time so it can determine if the prediction is correct. Therefore, CloudVue is implementing a positive feedback loop to monitor and improve AI over time.
Annotation capabilities for images used in AI modeling.

CloudVue is the perfect companion for CloudSync in allowing users to take advantage of storing data in Azure using Azure Health Data Services.

Within the current healthcare market space, one of the biggest challenges facing radiologists, clinicians, and care teams while making the diagnosis is the easy availability of a complete history of the patient—while a radiologist might have access to the medical images, not being able to query and find a patient’s medical history, medications and other lab work in the same place, makes predictive diagnosis difficult and time-consuming. With Azure Health Data Services, all of this data can now be accessed together, and using DICOMcast, a new feature, clinical information can sit alongside metadata from medical images, making them searchable quickly. This technology used alongside IMS’s CloudSync and CloudVue can change how radiologists interact with medical images and give them the ability to use the data they have for diagnosis and research.

The beginning of next-gen medical imaging viewing

IMS has created a solution for the medical imaging industry that allows health organizations to take full advantage of Azure Health Data Services at their own pace while:

Avoiding any disruptions to the current workflow.
Maintaining the current investments in devices and software.

Do more with your data with Microsoft Cloud for Healthcare

With Azure Health Data Services, health organizations are empowered to transform their patient experience, discover new insights with the power of machine learning and AI, and manage PHI data with confidence. Enable your data for the future of healthcare innovation with Microsoft Cloud for Healthcare.

We look forward to being your partner as you build the future of health.

Learn more about Azure Health Data Services.
Learn more about IMS at International Medical Solutions | The Power of Partnering.
Read our recent blog, “Microsoft launches Azure Health Data Services to unify health data and power AI in the cloud.”
Learn more about Microsoft Cloud for Healthcare.

[1] “Driving Data Growth in Healthcare: Challenges and Opportunities for IT,” IDC
Source: Azure

Azure confidential computing with NVIDIA GPUs for trustworthy AI

Many industries such as healthcare, finance, transport, and retail are going through a major AI-led disruption. The exponential growth of datasets has resulted in growing scrutiny of how data is exposed—both from a consumer data privacy and compliance perspective. For example, the use of AI in healthcare has grown rapidly, with hospitals and pharmaceutical companies using AI to improve diagnostics and improve drug discovery and development. In transport, the interaction between humans and vehicles is being re-imagined thanks to AI-powered autonomous driving. However, broader democratization of AI is limited by concerns regarding sharing and use of personal data [1]. For example, banks are often unable to collaborate on tasks such as fraud and money laundering detection due to concerns regarding security and privacy of transaction data.

Professor Bryan Williams, Director of Research at University College of London Hospitals, acknowledges this challenge: “UCLH and the NHS want to be at the forefront of using AI to transform healthcare. A major obstacle to testing AI algorithms with various partners has been concern about ensuring the privacy of patient data. Technological solutions that enable the secure sharing of data while protecting patient privacy are a potential game-changer to accelerate the evaluation and adoption of AI in health care.”

In this context, confidential computing becomes an important tool to help organizations meet their privacy and security needs. Confidential computing technology encrypts data in memory and only processes it once the cloud environment is verified, helping protect data from cloud operators, malicious admins, and privileged software such as the hypervisor. It helps keep data protected throughout its lifecycle—in addition to existing solutions of protecting data at rest and in transit, data is now protected while in use.

Microsoft partners with NVIDIA to bring confidential GPUs on Azure

Today, we are excited to announce the next chapter in this journey through a strategic partnership between NVIDIA and Microsoft that brings confidential computing to state-of-the-art NVIDIA GPUs. This partnership is based on a shared vision to empower individuals and organizations to share and collaborate to derive new insights from data without sacrificing security, privacy, or performance. With confidential computing support in Ampere A100 GPUs combined with hardware-protected VMs, enterprises will be able to use sensitive datasets to train and deploy more accurate models without compromising security or performance.

With confidential GPUs, data is encrypted when it is transferred between the CPU and GPU over the PCIe bus with keys that are securely exchanged between NVIDIA’s device driver and the GPU. The only place where data is decrypted is within a hardware-protected, isolated environment within the GPU package where it can be processed to generate models or inference results. Much like other Azure confidential computing solutions, confidential GPUs support cryptographic attestation based on a unique GPU identity provisioned by NVIDIA during manufacturing. Using remote attestation, organizations can independently verify that their data is only processed within genuine and correctly configured confidential GPUs.

Private preview sign up for Azure confidential GPUs

Over the past year, we worked closely with NVIDIA to bring confidential GPUs into the Azure confidential computing ecosystem. Today we are excited to invite you to sign up for the private preview of Azure confidential GPU VMs. In the private preview, confidential GPUs will bring together the security of trusted launch with secure boot and vTPM coupled with up to four NVIDIA Ampere A100 GPUs. With confidential GPUs, you can set up a secure environment in the Azure cloud and run your machine learning workloads utilizing your favorite machine learning frameworks, and remotely verify that your VM boots with trusted code, the NVIDIA device driver for confidential GPUs, and that your data remains encrypted as it is transferred to and from the GPUs.

Confidential computing across industries

We are already partnering with several organizations to accelerate their journey towards confidentiality through confidential GPUs.

Bosch sees confidential computing as a key instrument to help protect data and meet compliance requirements. Dr. Sven Trieflinger, Senior Research Project Manager at Bosch, mentions, “With ever-decreasing cost and performance overheads, confidential computing techniques will be widely adopted in cloud workloads. The new level of security they offer will be instrumental in addressing challenges in the areas of legal compliance, IP protection, and customer trust”.

The impact of confidential computing extends to financial services too, where the Royal Bank of Canada (RBC) is already leveraging Azure confidential computing solutions to innovate. Eddy Ortiz, VP of Solution Acceleration and Innovation at RBC, says, “The confidential computing capabilities available in Azure have enabled us to unlock new business capabilities and materially advance existing product offerings by leveraging data in ways that only a few years ago was impossible. We’ve been able to craft novel applications which satisfy and exceed the Bank's most stringent cybersecurity demands. Through these technological advancements we are well-positioned to continue to offer unique and highly personalized experiences to our clients.”

At Microsoft, we remain committed to the vision of a confidential cloud, a cloud where organizations can share data and derive insights while reducing the need for trust across various aspects of the cloud infrastructure. Along with our hardware partners including NVIDIA, we will continue to innovate and advance AI trustworthiness through confidential computing.

Learn more

Sign up for the private preview of Azure confidential GPU VMs.
Learn more about Azure confidential computing.

References
[1] How to make AI trustworthy
Source: Azure

Accelerate graphics-heavy workloads using NVads A10 v5 Azure

Back in 2019 when Azure launched the first GPU-partitioned (GPU-P) virtual machine (VM) offerings in the public cloud, our customers loved it and asked for a similar offering on NVIDIA GPUs. Our customers wanted the flexibility to choose the GPU that meets the workload requirements and get the benefits of GPU-P, which enables cost-effective configurations based on the requirements. While our existing NVsv3 VMs with NVIDIA M60 GPUs worked well to run graphics-heavy visualization workloads, our customers had a few specific requirements to make the experience better:

Flexible GPU sizes with partitioning on NVIDIA GPU.
A high-frequency AMD CPU part to improve the performance of applications that are optimized for a single CPU thread.
VMs with very high RAM to load large data sets for three-dimensional geological modeling applications like Schlumberger Petrel.

Announcing new NVads A10 v5 VM series based on AMD EPYC™ 74F3(V) processors and virtualized NVIDIA A10 Tensor Core GPU

Continuing with our promise to offer innovative solutions for our customers, we are very excited to announce that our latest NVads A10 v5 series is now available for preview. Azure was the first and the only public cloud provider to offer unprecedented GPU resourcing flexibility with GPU-partitioning and we are happy to now bring the same technology on NVIDIA A10 Tensor Core GPUs. Customers can select from VMs with one-sixth of an A10 GPU and scale all the way up to 2*A10 configuration. This offers cost-effective entry-level and low-intensity GPU workloads on NVIDIA GPUs, while still giving customers the option to scale up to powerful full-GPU and multi-GPU processing power.

| Size | vCPU | Memory (GiB) | GPU Memory (GiB) | Azure Network (GBps) |
| --- | --- | --- | --- | --- |
| Standard_NV6ads_A10_v5 | 6 | 55 | 4 | 5 |
| Standard_NV12ads_A10_v5 | 12 | 110 | 8 | 10 |
| Standard_NV18ads_A10_v5 | 18 | 220 | 12 | 20 |
| Standard_NV36ads_A10_v5 | 36 | 440 | 24 | 40 |
| Standard_NV36adms_A10_v5 | 36 | 880 | 24 | 80 |
| Standard_NV72ads_A10_v5 | 72 | 880 | 2*24 | 80 |

With our hardware-based GPU virtualization solution built on top of NVIDIA virtual GPU, NVIDIA RTX Virtual Workstation, and industry-standard SR-IOV technology, customers can securely run workloads on virtual GPUs with dedicated GPU frame buffer. The third-generation AMD EPYC CPUs with a boost clock speed of 4 GHz and a base of 3.2 GHz can provide the power you need to run any application. While simultaneous multithreading (SMT) is enabled by default on NVads A10 v5 series, Azure provides the flexibility to turn SMT OFF for applications that cannot take advantage of multiple threads.

Learn more

Customers can learn more about the NVadsA10 v5-series now and sign up for NVads A10 v5 access today. NVads A10 v5 VMs are initially available in the South Central US and West Europe Azure regions. NVads A10 v5 will be available in additional regions soon thereafter.
Source: Azure

Azure HBv3 VMs for HPC now generally available with AMD EPYC CPUs with AMD 3D V-Cache

Azure HBv3 virtual machines (VMs) are now upgraded to and generally available with 3rd Gen AMD EPYC™ processors with AMD 3D V-Cache™ technology, formerly codenamed “Milan-X”, in the Azure East US, South Central, and West Europe regions. In addition, we are announcing that HBv3 VMs will also soon come to Central India, UK South, China North 3, Southeast Asia, and West US 3 Azure regions. Customers can view estimated time of arrival for these new regions at Azure Availability by region.

To access these enhanced CPUs, customers need only deploy new HBv3 VMs, as all VM deployments from today onward will occur on machines featuring the new processors. Existing HBv3 VMs deployed prior to today’s launch will continue to see 3rd Gen AMD EPYC processors, formerly codenamed “Milan”, until they are de-allocated and a customer creates new VMs in their place.

Significant performance upgrade for all HBv3 customers

As previously detailed, EPYC processors with AMD 3D V-Cache can significantly improve the performance, scaling efficiency, and cost-effectiveness of a variety of memory performance-bound workloads such as CFD, explicit finite element analysis, computational geoscience, weather simulation, and silicon design right-to-left (RTL) workflows.

Compared to the performance HBv3-series delivered prior to the upgrade to the new processors, customers will experience up to:

80 percent higher performance for CFD.
60 percent higher performance for EDA RTL.
50 percent higher performance for explicit FEA.
19 percent higher performance for weather simulation.

HBv3-series VMs retain their existing pricing and do not require changes to customer workloads. No other changes are being made to the HBv3-series VM sizes customers already know and rely on for their critical research and business workloads. For more information on the Azure HBv3-series, please see official documentation for the Azure HBv3-series of virtual machines.

The highest performance, most cost-effective cloud HPC

Based on testing of a broad array of customer HPC workloads against the best publicly demonstrated performance from other major cloud providers, Azure HBv3-series VMs with 3rd Gen AMD EPYC processors with AMD 3D V-Cache and InfiniBand from NVIDIA Networking deliver 2.23-3.88 times higher performance.

Figure 1: Relative at-scale workload performance in CFD, molecular dynamics, and weather simulation.

For more performance, scalability, and cost information see our detailed blog here.

Continuous improvement for Azure HPC customers

Microsoft and AMD share a vision for a new era of high-performance computing in the cloud. One defined by continuous improvements to the critical research and business workloads that matter most to our customers. Azure has teamed with AMD to make this vision a reality by raising the bar on the performance, scalability, and value we deliver with every release of Azure HB-series virtual machines.

Figure 2: Azure HB-Series virtual machine generational performance improvement.

“Rescale is excited to see the dedication by Microsoft to continually raise the bar, the new Azure HBv3 VMs featuring AMD EPYC™ CPUs with AMD 3D V-Cache™ technology specifically targets memory bandwidth bottlenecks impacting the most widely used commercial CFD codes on the Rescale platform. Preliminary testing has demonstrated a 25 percent performance boost across three of the most common CFD applications and a positive impact on virtually all software running on the upgraded instances,” said Chris Langel, HPC Engineering Manager at Rescale and Mulyanto Poort, VP of HPC Engineering at Rescale. “We are seeing a strong customer demand for “Milan-X” and are excited to offer the updated Azure HBv3 VMs to our customers,” said Ethan Rasa, Senior Director of Strategic Alliances at Rescale.

“Ansys Fluent is the industry-leading computational fluid dynamics tool and our customers are always looking for ways to run larger problems more quickly, or with more granularity.  The super-linear scaling we are seeing with the AMD Milan-X chip on the Azure HBv3 virtual machines will be received with a lot of excitement by our user base across many industries.”—Jeremy McCaslin, Product Manager, Fluids, Ansys

“Customers who require high-fidelity production simulations in demanding industries rely on Siemens Simcenter STAR-CCM+ software,” said Patrick Niven, Senior Director of Fluid and Thermal Product Management, Siemens Digital Industries Software. “Customers usually need those results quickly, so Siemens and Microsoft collaborate to ensure Azure HB-series instances deliver true HPC-class performance. The new Azure HBv3 instances featuring 3rd Gen AMD EPYC™ CPUs with AMD 3D V-Cache™ technology can accelerate simulations by up to 50 percent, so Microsoft can offer Simcenter STAR-CCM+ users cutting-edge performance on an accessible platform.”

Learn more

Azure Docs—HBv3-series Virtual Machines.
Azure HBv3-series with Milan-X processors launch video.
Watch the announcement at the AMD Acceleration Datacenter Premier.
See additional information on performance, scalability and cost information.
Performance and Scalability of HBv3-series with Milan-X processors.
Find out more about high-performance computing in Azure.
AMD Launch Hub EPYC 3rd Gen EPYC with AMD 3D V-Cache.
Azure HPC optimized OS images.
Azure HPC virtual machines.

Source: Azure

Secure your APIs with Private Link support for Azure API Management

Azure API Management is a fully managed service that enables customers to publish, secure, transform, maintain, and monitor APIs. With a few clicks in the Azure portal, you can create an API facade that acts as a “front door” through which external and internal applications can access data or business logic implemented by your custom-built backend services, running on Azure, for example on Azure App Service or Azure Kubernetes Service, or hosted outside of Azure, in a private datacenter or on-premises. Azure API Management handles all the tasks involved in mediating API calls, including request authentication and authorization, rate limit and quota enforcement, request and response transformation, logging and tracing, and API version management.

Azure API Management helps you:

Unlock legacy assets—APIs are used to abstract and modernize legacy backends and make them accessible from new cloud services and modern applications. APIs allow innovation without the risk, cost, and delays of migration.
Create API-centric app integration—APIs are easily consumable, standards-based, and self-describing mechanisms for exposing and accessing data, applications, and processes. They simplify and reduce the cost of app integration.
Enable multi-channel user experiences—APIs are frequently used to enable user experiences such as web, mobile, wearable, or Internet of Things (IoT) applications. Reuse APIs to accelerate development and return on investment (ROI).
Business-to-business (B2B) integration—APIs exposed to partners and customers lower the barrier to integrate business processes and exchange data between business entities. APIs eliminate the overhead inherent in point-to-point integration. Especially with self-service discovery and onboarding enabled, APIs are the primary tools for scaling B2B integration.

We are happy to announce the preview of Azure Private Link support for Azure API Management service. If you are not familiar with Azure API Management, when you deploy this service, you get three main components: Azure portal, gateway, and management plane. With Azure Private Link we can create a private endpoint for the gateway component, which will be exposed through a private IP within your virtual network. This will allow inbound traffic coming to the private IP to reach Azure API Management gateway.

Azure Private Link

With Azure Private Link, communications between your virtual network and the Azure API Management gateway travel over the Microsoft backbone network privately and securely, eliminating the need to expose the service to the public internet. To learn more about Azure Private Link technology and platform as a service (PaaS) services that support it, you can review our Azure Private Link documentation.

Key benefits of Azure Private Link

Through this functionality we will provide the same consistent experience found in other PaaS services with private endpoints:

Private access from Azure Virtual Network resources, peered networks, and on-premises networks.
Built-in data exfiltration protection for Azure resources.
Predictable private IP addresses for PaaS resources.
Consistent and unified experience across PaaS services.

Private endpoints and public endpoints

Figure 1: Architecture diagram depicting the secure and private connectivity to Azure API Management Gateway—when using Azure Private Link.

Azure Private Link provides private endpoints to be available through private IPs. In the above case, the contoso.azure-api.net gateway has a private IP of 10.0.0.6 which is only available to resources in contoso-apim-eastus-vnet. This allows the resources in this virtual network to securely communicate. The other resources may be restricted to resources only within the virtual network.

At the same time, the public endpoint for the contoso.azure-api.net gateway may still be public for the development team. In this release, Azure Private Link will support disabling the public endpoint, limiting access to only private endpoints, configured under Private Link.
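A check that can be run from a machine inside the virtual network to confirm that the gateway name really resolves to the private endpoint, and what it means if it does not. This is an added example, not code from the original post or from Microsoft; the hostname and private IP come from the text above, while the VNet address range `10.0.0.0/16`, the function names, and the sample resolver answers are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Values from the article: gateway hostname and its private endpoint IP.
GATEWAY_HOST = "contoso.azure-api.net"
PRIVATE_ENDPOINT_IP = "10.0.0.6"
# Assumption: address space of contoso-apim-eastus-vnet (not given in the article).
VNET_CIDR = "10.0.0.0/16"


def resolve_ips(hostname, port=443):
    """Resolve hostname with the system resolver; return unique IP strings."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify_resolution(hostname, expected_ip, vnet_cidr, resolver=resolve_ips):
    """Classify what the gateway name resolves to from this vantage point.

    Returns (status, addresses), where status is one of:
      "private-endpoint": every answer is the expected private endpoint IP
      "other-private":    answers are inside the VNet but not the expected IP
      "outside-vnet":     at least one answer lies outside the VNet range
      "unresolved":       the name did not resolve
    """
    expected = ipaddress.ip_address(expected_ip)
    vnet = ipaddress.ip_network(vnet_cidr)
    try:
        answers = [ipaddress.ip_address(a) for a in resolver(hostname)]
    except OSError:  # socket.gaierror is a subclass of OSError
        return "unresolved", []
    if not answers:
        return "unresolved", []
    as_text = [str(a) for a in answers]
    # A single answer outside the VNet is enough for some connections
    # to leave through the public endpoint, so check this first.
    if any(a not in vnet for a in answers):
        return "outside-vnet", as_text
    if all(a == expected for a in answers):
        return "private-endpoint", as_text
    return "other-private", as_text


def assess_from_vnet(status, public_endpoint_disabled):
    """Turn a status into (severity, message) for a client inside the VNet."""
    if status == "private-endpoint":
        return "ok", "gateway name resolves only to the private endpoint"
    if status == "outside-vnet":
        if public_endpoint_disabled:
            return "fail", ("name resolves outside the VNet but the public endpoint "
                            "is disabled, so clients here cannot reach the gateway")
        return "warn", ("traffic from this VNet goes to the public endpoint "
                        "instead of the private endpoint")
    if status == "other-private":
        return "warn", ("name resolves inside the VNet but not to the expected "
                        "private endpoint IP; check the DNS records")
    return "fail", "gateway name did not resolve"


if __name__ == "__main__":
    # Constructed resolver answers so the demo runs offline. Omit the resolver
    # argument to query the system resolver from a VM inside the VNet.
    samples = {
        "private DNS in place": lambda h: ["10.0.0.6"],
        "public answer only": lambda h: ["203.0.113.10"],
        "stale private record": lambda h: ["10.0.0.9"],
    }
    for label, fake in samples.items():
        status, ips = classify_resolution(
            GATEWAY_HOST, PRIVATE_ENDPOINT_IP, VNET_CIDR, fake)
        print(label, status, ips,
              assess_from_vnet(status, public_endpoint_disabled=True))
```
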

How to decide which networking model to use with Azure API Management?

Azure API Management also supports virtual network injection, allowing all components to be deployed inside a virtual network. With the addition of private endpoints, we have the following options for integrating inside a custom Azure Virtual Network:

| Network model | Supported tiers | Supported components | Supported traffic |
| --- | --- | --- | --- |
| Virtual network—external | Developer and Premium. | Azure portal, gateway, management plane, and Git repository. | Inbound and outbound traffic can be allowed to internet, peered virtual networks, Express Route, and VPN S2S connections. |
| Virtual network—internal | Developer and Premium. | Developer portal, Gateway, Management Plane, and Git repository. | Inbound and outbound traffic can be allowed to peered virtual networks, Express Route, and VPN S2S connections. |
| Private endpoint connection (preview) | Developer, Basic, Standard, and Premium. | Gateway only (managed gateway supported, self-hosted gateway not supported). | Only inbound traffic can be allowed to internet, peered virtual networks, Express Route, and VPN S2S connections. |

At this moment, these three options are mutually exclusive: you cannot choose a virtual network integration option (external or internal) in combination with private endpoint connections. Also notice that only our managed gateways will support private endpoint connections; the Self-Hosted Gateway does not support private endpoints in Azure.

Preview limitations

During the preview period, we will only support inbound traffic coming to the gateway, instances using the STV2 compute platform, and all pricing tiers except Consumption. Azure Private Link is also limited to instances that are not using virtual network injection (internal or external). The feature will move to general availability as we assess feedback.

With the preview of Azure Private Link for Azure API Management, you are now empowered to bring your Azure API Management instances to a virtual network using the same consistent experience of other Azure PaaS services. You can create and manage private endpoints for the gateway of your Azure API Management instance. We will be sharing more updates and content in the future, so stay tuned for new updates towards the general availability of this feature.

Learn more

About Azure API Management.
Documentation on how to connect privately to API Management using a private endpoint.
Documentation on Azure Private Link.

Source: Azure