Kategorie: Microsoft Azure

Stay on top of database threats with Microsoft Defender for Azure Cosmos DB

Databases are constantly evolving to handle new use cases, incorporate more intelligence, and store more data, giving developers and organizations a wide range of database types to meet their varying needs. Because aspects including architecture, capabilities, configuration options, and authentication methods are unique to each database type, so are the security threats—requiring custom security measures and protection capabilities to address the most common threats across databases.

Azure Cosmos DB is a fully managed NoSQL database for modern, fast, and flexible app development, offering single-digit millisecond response times, automatic and instant scalability, and multiple SDKs and APIs to support a variety of non-relational data models.

Today we’re excited to announce a new addition to our database protection offering Microsoft Defender for Azure Cosmos DB in preview.

The new cloud workload protection capabilities are designed as an Azure-native layer of security, that detect attempts to exploit databases in your Azure Cosmos DB accounts based on the most common attack techniques and known bad actors—enabling security teams to detect and respond to these threats more effectively, using the Microsoft Defender for Cloud toolset.

These detections are delivered based on Microsoft Threat Intelligence, the Microsoft Defender SQL query analysis engine, and Microsoft Defender behavioral models. 

Detect the most critical threats targeting Azure Cosmos DB

Defender for Azure Cosmos DB monitors your Azure Cosmos DB accounts and protects them from various attack vectors, such as attacks originating from the application layer, SQL injections, suspicious access patterns, compromised identities, malicious insiders, and direct attacks on the database. Below is an overview of the key threat techniques that affect Azure Cosmos DB and are supported alert types in Microsoft Defender for Cloud.

SQL injections: It is not commonly known that one of the most popular attack techniques—SQL injection—can be executed against a database in Azure Cosmos DB. This technique allows the attacker to hide behind the application’s credentials and behaviors, so they can carry out an attack without the need to get their own credentials in order to exploit the database. Attackers can use SQL injection techniques to bypass the application’s access controls and extract sensitive data. Defender for Azure Cosmos DB detects these attempts early, as well as helps with recommendations and policies to harden your applications to help prevent these exploits in the first place.

Key extraction: This is an indicative pattern of a compromised identity looking for ways to access the crown jewels of your organization—your data. The most common way for compromised identities and malicious insiders to exploit an Azure Cosmos DB database is to extract the access keys to the account. These keys allow full access to all data in the Azure Cosmos DB account. In these cases, where an attacker manages to get hold of a compromised identity, it’s critical to detect a breach early and ensure they’re not able to scan your Azure Cosmos DB account and extract critical data. Defender for Azure Cosmos DB detects these compromises early and allows you to set up automation to block bad actors and mitigate the threat.
Known malicious indicators: Microsoft Defender for Cloud uses the extensive threat intelligence of Microsoft’s security platform, allowing security teams to detect and respond to malicious actors trying to access their databases more effectively.
Suspicious behavior patterns: Using behavioral modeling over time, Microsoft Defender for Cloud detects suspicious behaviors on your Azure Cosmos DB accounts that can indicate compromised identities, leaked keys, or malicious insiders. 

You can find a complete list of Defender for Azure Cosmos DB alerts with the Microsoft Defender for Azure Cosmos DB alerts reference guide.

Easily enable protection for all your database types in Microsoft Defender for Cloud

The new threat protection offering for Azure Cosmos DB is now available in Microsoft Defender for Cloud, alongside a newly designed database-centric enablement experience.

To simplify the process of enabling database protection across the different database types in your cloud and hybrid environments, we created a central management experience across SQL databases, MariaDB, and now Azure Cosmos DB. While each database type requires a tailored approach with custom security controls and uniquely optimized threat detection models, we have standardized the security experience in Microsoft Defender for Cloud across them.

You can enable protection for Azure Cosmos DB at either the subscription level or the resource level, or simply enable protection for all your database types with a single click. For detailed step-by-step instructions, check out our introduction to Microsoft Defender for SQL documentation.

With the addition of support for Azure Cosmos DB, Microsoft Defender for Cloud now provides one of the most comprehensive workload protection offerings for cloud-based databases, giving security teams and database owners a centralized experience to manage database security in their environments.

Microsoft Defender for Cloud is a solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your cloud configuration, helps strengthen the overall security posture of your environment, and can protect workloads across multicloud and hybrid environments from evolving threats.

Learn more

Get started with a free trial.
Visit our website to learn more about Microsoft Defender for Cloud.
Check out the product documentation to get started with Microsoft Defender for Azure Cosmos DB.
Subscribe to our YouTube series for product deep dives!
Follow us at @MSThreatProtect for the latest news and updates on cybersecurity.

Quelle: Azure

Azure Cost Management and Billing updates – February 2022

Whether you're a new student, a thriving startup, or the largest enterprise, you have financial constraints, and you need to know what you're spending, where, and how to plan for the future. Nobody wants a surprise when it comes to the bill, and this is where Azure Cost Management and Billing comes in.

We're always looking for ways to learn more about your challenges and how Azure Cost Management and Billing can help you better understand where you're accruing costs in the cloud, identify and prevent bad spending patterns, and optimize costs to empower you to do more with less. Here are a few of the latest improvements and updates based on your feedback:

Anomaly detection preview for subscriptions.
Help shape the future of invoice reconciliation.
What's new in Cost Management Labs.
Rightsize to maximize your cloud investment with Microsoft Azure.
Save big by using your on-premises licenses on Azure.
New ways to save money with Azure.
New videos and learning opportunities.
Documentation updates.
Join the Azure Cost Management and Billing team.

Let's dig into the details.

 

Anomaly detection preview for subscriptions

The cloud comes with the promise of radical cost savings compared to on-premises, but that requires diligence to proactively plan, govern, and monitor your cloud solutions. Unfortunately, even the best of us can be caught by surprise. Luckily, you have the Cost Management anomaly detection preview for your subscriptions.

Cost Management anomaly detection is available from the cost analysis preview when you select a subscription scope. You’ll see your anomaly status as part of Insights. And as with other insights, the experience is fairly simple: Start on a subscription scope, open any view in the cost analysis preview and, if you have a cost anomaly, you'll see an insight. It's that simple.

If you don't have any anomalies, you'll see a "No anomalies detected" insight, confirming the dates that were evaluated.

If you’d like to drill in, simply click the insight link to open a view in classic cost analysis and review your daily usage by resource group for the time range that was evaluated. Below is an example of the anomaly above, where we can see a large spike and eventual drop in usage from a temporary, short-lived resource.

Cost anomalies are evaluated for subscriptions daily and compare the day's total cost to a forecasted total based on the last 60 days to account for common patterns in your recent usage (for example, spikes every Monday).

Anomaly detection is available to every subscription monitored using the cost analysis preview. To enable anomaly detection for your subscriptions, simply open the cost analysis preview and select your subscription from the scope selector at the top of the page. You’ll see a notification informing you that your subscription is onboarded and you’ll start to see your anomaly detection status within 24 hours.

That's about it! This is an early preview and there's a lot in the backlog to expand anomaly detection capabilities – from surfacing more details and generating insights for other scopes to sending out email alerts and more. Check it out and let us know what you'd like to see next.

 

Help shape the future of invoice reconciliation

Are you responsible for understanding your organization's cloud spending? Do you review and compare your invoice charges with Azure usage? We’re exploring new tools to help streamline invoice/usage reconciliation and would like to learn about your experience in a 60-minute interview covering the processes and tools you use.

If you or someone you know has experience in this area, we would love to get your feedback. Please contact our research team and we’ll schedule a time for the interview.

 

What's new in Cost Management Labs

With Cost Management Labs, you get a sneak peek at what's coming in Azure Cost Management and can engage directly with us to share feedback and help us better understand how you use the service, so we can deliver more tuned and optimized experiences. Here are a few features you can see in Cost Management Labs:

Update: Subscription cost anomalies – Now available in the public portal
Identify subscription cost anomalies with insights in the cost analysis preview. You can enable the cost anomaly preview using Try preview. If you don't see anomaly details in insights after enabling the preview, check back after 24 hours. Note that anomaly detection is only available when viewing cost for a subscription scope.
Update: Total cost in the cost analysis preview – Now enabled by default in Labs
See your total cost at the top of the cost analysis preview. You can opt-in using Try Preview or by using the cost analysis preview in Cost Management Labs.
New: Grouping SQL databases and elastic pools
Get an at-a-glance view of your total SQL costs by grouping SQL databases and elastic pools under their parent server in the cost analysis preview. You can opt-in using Try Preview.
Average cost in the cost analysis preview
See your average daily cost at the top of the cost analysis preview. You can opt-in using Try Preview.
Charts in the cost analysis preview
View your daily or monthly cost over time in the cost analysis preview. You can opt-in using Try Preview.
Budgets in the cost analysis preview
Quickly create and edit budgets directly from the cost analysis preview. If you don’t have a budget yet, you’ll see a suggested budget based on your forecast. You can opt-in using Try Preview.
View cost for your resources
The cost for your resources is one click away from the resource overview in the preview portal. Just click View cost to quickly jump to the cost of that particular resource.
Change scope from the menu
Change scope from the menu for quicker navigation. You can opt-in using Try Preview.

Of course, that's not all. Every change in Azure Cost Management is available in Cost Management Labs a week before it's in the full Azure portal. We're eager to hear your thoughts and understand what you'd like to see next. What are you waiting for? Try Cost Management Labs today.

 

Rightsize to maximize your cloud investment with Microsoft Azure

If you’re running on-premises servers, chances are you utilize a fraction of your overall server cores most of the time but are forced to over-provision to handle peak loads. Moving those workloads to the cloud can greatly reduce cost by “rightsizing” server capacity as needed.

Rightsizing is one of the key levers you have for controlling costs and optimizing resources. By understanding cloud economics, and using what Azure provides, you can identify the smallest virtual server instances that support your requirements and realize immediate savings by eliminating unused capacity.

To learn more, see Rightsize to maximize your cloud investment with Microsoft Azure.

 

Save big by using your on-premises licenses on Azure

Are you still hesitating to move some or all your workloads to the cloud due to the added cost? One of the easiest ways to significantly lower your cost of ownership is by using a special licensing offer called Azure Hybrid Benefit.

When migrating Windows Server or SQL Server on-premises workloads to Microsoft Azure, Azure Hybrid Benefit allows you to use your existing licenses covered by Software Assurance (SA) or other subscriptions in Azure. By bringing both Windows and SQL Server licenses with SA to Azure, you can save up to 85 percent compared to pay-as-you-go pricing.

To learn more, see Save big by using your on-premises licenses on Azure. And after reading about how much you can save, learn about how you can manage Azure Hybrid Benefit for SQL Server in the Azure portal.

 

New ways to save money with Azure

You have two new generally available offerings to help you save money this month:

Azure Monitor Diagnostic settings for Azure Storage.
Azure Key Vault increased service limits.

 

New videos and learning opportunities

If you're using Azure Backup, here's a new video you might be interested in:

Improve the price-performance of your apps with the latest Azure Virtual Machines (25 minutes).
Azure Virtual Desktop Master Class.

Follow the Azure Cost Management and Billing YouTube channel to stay in the loop with new videos as they’re released and let us know what you'd like to see next.

Want a more guided experience? Start with Control Azure spending and manage bills with Azure Cost Management and Billing.

 

Documentation updates

One important update to documentation that you’ll want to check out this month:

Added a new Subscribe to cost alerts section to the Save and share customize views article to subscribe to updates or a recurring schedule to get alerted as costs change. You can also set up alerts to be shared with others who may not have direct access to costs in the portal.

Want to keep an eye on all of the documentation updates? Check out the Cost Management and Billing documentation change history on GitHub. If you see something missing, select Edit at the top of the document and submit a quick pull request.

 

Join the Azure Cost Management and Billing team

Are you excited about helping customers and partners better manage and optimize costs? We're looking for passionate, dedicated, and exceptional people to help build best in class cloud platforms and experiences to enable exactly that. If you have experience with big data infrastructure, reliable and scalable APIs, or rich and engaging user experiences, you'll find no better challenge than serving every Microsoft customer and partner in one of the most critical areas for driving cloud success. To learn more, watch the video below:

Join our team.

What's next?

These are just a few of the big updates from last month. Don't forget to check out the previous Azure Cost Management and Billing updates. We're always listening and making constant improvements based on your feedback, so please keep the feedback coming.

Follow @AzureCostMgmt on Twitter and subscribe to the YouTube channel for updates, tips, and tricks. You can also share ideas and vote up others in the Cost Management feedback forum or join the research panel to participate in a future study and help shape the future of Azure Cost Management and Billing.

We know these are trying times for everyone. Best wishes from the Azure Cost Management and Billing team. Stay safe and stay healthy.
Quelle: Azure

New Azure for Operators solutions and services built for the future of telecommunications

After years of laying the foundation for the rollout of 5G and network cloudification, we are now seeing tremendous possibilities for how consumers and organizations will interact with technology for work, play, and connecting with communities. Around the world and across industries, 5G, augmented and virtual reality, AI, IoT, and edge computing are creating opportunities for rapid digital transformation. This is compelling operators to move away from legacy systems to accelerate network transformation and begin monetizing their investments in 5G and edge technologies.

Imagine the benefits to communities and organizations that have access to improved bandwidth, reliability, and reduced latency, while leveraging the rich capabilities of cloud-to-edge technology without compromise to security, critical services, or key workloads.

With the most complete offerings for the telecommunications industry, Microsoft is the ideal cloud provider to help operators with their digital transformation journey and enable them to deliver these innovative services to their consumer, enterprise, and public sector customers.

Azure for Operators

With Azure for Operators, we’re empowering operators to unlock the power of 5G by bringing cloud and edge closer together to modernize their networks so that they can streamline and optimize their business operations and deliver new services faster with greater reach and lower cost. With solutions that run on-premises, at the edge, or in the cloud but are always managed and secured by Azure, Microsoft meets you where you are, offering flexibility to transform on your terms and timelines. We are committed to partnering with you, not competing against you. Your consumer, enterprise, and government customers will benefit from a cloud platform with industry-leading security and governance built-in, and with an unmatched partner and developer ecosystem to maximize the value of the cloud at the edge. We’re applying Microsoft technology and developer ecosystem capabilities to offer the next-generation Azure for Operators portfolio—carrier-grade hybrid cloud platform, voice core, mobile core, and multi-access edge compute.

Introducing the new Azure for Operators solutions and services

In September 2020, we unveiled the Azure for Operators initiative to help operators evolve their own networks, and for partners to assist enterprises to maximize their industry 4.0 opportunities. In June of 2021, we introduced a new category, Azure private multi-access edge compute (MEC), which empowers operators and system integrators to unlock the enterprise 5G opportunity. Today, we’re announcing the next wave of Azure for Operators solutions and services.

The hybrid cloud platform built for the future of telecommunications

Operators are continually looking toward digital transformation to improve competitiveness, deliver new services, and yield positive financial results through both innovation and growth. We believe telecom digital transformation starts with the modernization of network core systems and operations.

In June 2021, Microsoft acquired the AT&T Network Cloud 2.7 Software technology, an industry-first collaboration. The AT&T Network Cloud supports AT&T's 5G core and FirstNet today, representing seven years of experience developing on-premises cloud for network workloads. We’ve taken the acquisition of this technology, moved the engineering and program organization from AT&T’s Network Cloud organization into Azure for Operators, and directly integrated the intellectual property into a new Azure offering. We continue to make significant enhancements to the acquired technology itself, including security across AT&T’s entire Network Cloud deployment.

Today we are announcing the next-generation hybrid cloud platform for operators—Azure Operator Distributed Services—which combines the enhanced version of the acquired AT&T technology with the best of Azure, including our industry-leading security, monitoring, analytics, AI, machine learning, and so much more.

Built from the ground up and proven to run network-intensive workloads and mission-critical applications, Azure Operator Distributed Services meets the security, resiliency, observability, manageability, and performance needs required by operators to achieve meaningful results from digital transformation. It will enable operators to run all their workloads (such as core, RAN, mobile and voice core, OSS, and BSS) on a single carrier-grade hybrid platform. With Azure Operator Distributed Services, business operations can be streamlined, providing operators with simplified management, policy, and automation delivered through unified cloud management using Azure Services, Azure Arc management, Azure Security, and platform as a service with Azure. Azure Operator Distributed Services provides the flexibility and scalability to support customer deployments at the edge of the cloud, the edge of the network, or the enterprise edge. Now, operators can effectively create new services to monetize their network, all while gaining robust network and customer insights that are necessary to facilitate proactive decision-making, critical action, and the creation of real value.

With Azure Operator Distributed Services, we are delivering a carrier-grade hybrid cloud service to the market and AT&T where it can run at AT&T on-premises or on Azure public cloud. Azure Operator Distributed Services is designed to support the AT&T mobile core network that today spans more than 60 containerized network functions (CNFs) and virtual network functions (VNFs) from 15 different vendors, which currently are deployed and running on the AT&T Network Cloud platform. AT&T will continue to select and manage VNFs and CNFs and their configurations to deliver mobility services to AT&T customers. AT&T and Microsoft are closely collaborating on the deployment of Azure Operator Distributed Services with initial testing stages planned for later this year.

“AT&T's 5G network is built on an agile, future-ready mobile core that's designed to boost innovation, resiliency, and security for our customers. Our 5G mobility core is fully cloud-based, integrating Network Functions from multiple vendors that today are hosted on Network Cloud infrastructure based on a cloud software stack that Microsoft acquired from AT&T last year. We are pleased with Microsoft’s plan to evolve Network Cloud and integrate it with Azure technologies to create hybrid telco-grade Azure Operator Distributed Services. This will enable AT&T and other operators to host Network Functions on clouds spanning telco premises and public cloud and will help us realize the many benefits of the cloud-native approach and Azure innovation including additional speed, resiliency, security, cost, and operational improvements.“—Andre Fuetsch, Executive Vice President and CTO Network Services, AT&T

We designed the Azure Operator Distributed Services for use by all operators while maintaining security and without losing differentiation. In terms of security and privacy, we want to make clear that operators using Azure Operator Distributed Services continue to hold access to their customer data, Microsoft cannot access or see it. With this product, we want to enable operators to deliver new services faster and more flexibly across Azure public cloud and on-premises with common tooling and services, reducing time-to-market with a cloud-native approach. True to our mission of empowering everyone to achieve more, we are collaborating with the broader partner ecosystem, including Ericsson and Nokia, to build on our next-gen hybrid cloud platform for operators.

“Combined with cloud capabilities, 5G has the potential to accelerate the digital transformation of virtually any sector of industry or society. The combination of Azure Operator Distributed Services and Ericsson’s market-leading cloud-native network functions and orchestration suite promise significant benefits for customers. Microsoft and Ericsson are jointly exploring enterprise 5G use cases in conjunction with leading operators.”—Jan Karlsson, Senior Vice President and Head of Business Area Digital Services, Ericsson

“Open collaboration is key to the development of new and innovative high value 5G use cases that will equip our customers with the tools they need for digital transformation. This is part of Nokia’s continued commitment to leading an open mobile future, making it simple for our customers to take advantage of the 5G world, helping to drive it forward. We are enthusiastic to work closely with Microsoft to integrate our Cloud RAN technology with Microsoft Azure, offer Microsoft Azure IoT Edge Services allowing industries to realize new capabilities at the edge, and bring Nokia’s new SaaS-based NetGuard Cybersecurity Dome as well as other Cloud and Network Services software to Azure.”—Chris D. Jones, Vice President Strategic Partnerships, Strategy and Technology, Nokia

Next-generation packet core services

Today, we are also announcing the private preview of the Azure Operator 5G Core and public preview of the Azure Private 5G Core. The Azure Operator 5G Core deploys on the Azure Operator Distributed Services to meet the needs of operators seeking automated, operational efficiency in a mobile network that can scale hundreds of millions of subscribers and devices. Azure Private 5G Core is available as part of the Azure private MEC solution, enabling operators and system integrators to provide a simple, scalable, and secure deployment of private 4G and 5G networks at the enterprise edge. Both services are deployed and managed through Azure.

Azure Operator 5G Core

Microsoft Azure Operator 5G Core is an Azure service that enables operators to build, deploy, and manage scalable mobile networks. Operator networks need to handle unprecedented amounts of data as 5G unleashes a broad set of low-latency, high throughput consumer, industry 4.0, IoT, and massive machine-type communications. Using Azure Operator 5G Core, operators can seamlessly deploy network workloads on Azure and manage their networks at scale with agility and cost efficiency while keeping up with the evolving demands of 5G.

Azure Operator 5G Core is built on a distributed architecture and includes cloud management, service automation, life cycle management, network slicing, and integrated analytics. This allows operators to provide an enhanced and customized user experience and leverage open APIs to easily integrate with their existing environments. Azure Operator 5G Core and Microsoft’s vast ecosystem of first and third-party tools enable operators to achieve greater enterprise value by creating new vertical solutions (such as gaming, energy, smart cities, autonomous vehicles, agriculture, etc.). We are working with a select number of partners and customers during the private preview and are excited to make this available to all operators soon.

Azure Private 5G Core

This packet core as-a-service offer allows operators and system integrators to rapidly deploy enterprise private mobile networks and low latency applications on Azure Arc-connected edge platforms, such as Azure Stack Edge. Through Azure, partners can unify the cloud management of multiple, globally distributed private wireless networks, with the flexibility to also choose and integrate components from technology and solution partners, including a wide range of 4G and 5G Standalone RAN and SIM providers.

We are enabling a growing list of global partners to deliver next-generation private wireless solutions. Operators developing solutions using Azure private MEC include AT&T, Etisalat, Swisscom, and Telefonica. Our list of global system integrator partners continues to expand, with Accenture, Amdocs, ATOS, Capgemini, Cognizant, Harman, HCL, Intelsat, Lockheed Martin, Northrup Grumman, Tampnet, TCS, and Tech Mahindra. Azure Private 5G Core is also validated with technology partners to speed up integration with RAN partners including ASOCS, AirSpan, CommScope, Fujitsu, Parallel Wireless, and Qualcomm.

Partners are actively working with enterprise customers on proof of concepts and trials:

AT&T is looking to bring private 4G and 5G wireless networks as an integrated platform with connectivity and applications to enable low-latency services at the edge. Target customers include businesses, universities, and the public sector. Currently under development with Microsoft, the AT&T Private 5G Edge service is using Microsoft’s Azure private MEC and Azure Private 5G Core.
Lockheed Martin is collaborating with Microsoft on 5G.MIL®solutions. Lockheed Martin 5G.MIL integrates 5G technologies into military communication networks for resilient and secure next-generation connectivity in highly dynamic environments. Using Azure Private 5G Core in 5G.MIL solutions will enable high performance in a small footprint and the ability to support, secure, and scale interconnection between 5G wireless and military networks. “Lockheed Martin’s strategic collaboration with Microsoft unlocks new capabilities that will provide a decisive edge for military personnel across all domains,” said Dan Rice, Vice President of 5G.MIL® Programs at Lockheed Martin. “Leveraging Microsoft’s expertise in cloud computing and distributed system orchestration, we are accelerating the scale and speed of critical military communications, which will be necessary in increasingly contested environments.”
HARMAN Digital Transformation Solutions (DTS) has employed Azure private MEC to successfully advance digital transformation at one of the largest airports in the United States. The solution improved operational efficiencies for the airport’s manual cargo handling process. "Advances in technologies like 5G yield significant opportunity to accelerate innovation across nearly every industry—from transportation and healthcare to manufacturing and education,” said David Owens, Senior Vice President and General Manager, Digital Transformation Solutions, HARMAN. “HARMAN's deep knowledge and experience in the communications domain and Azure private MEC offers a comprehensive solution to enterprises planning to deploy private networks and cloud computing applications. We are glad to join hands with Microsoft in re-shaping the future by elevating experiences for our customers and end consumers."
"Northrop Grumman’s advanced battle management technologies allow military forces to effectively communicate and securely share mission-critical data across all domains. With the integration of the Azure private MEC platform, we are leveraging Microsoft’s commercial-edge computing capabilities to inform tactical mobile ad hoc networks for the U.S. Navy’s Information Warfare Research Project.”—Tom Pieronek, Chief Technology Officer, Aeronautic Systems, Northrop Grumman
"As a pioneer in digital transformation, Fujitsu is committed to helping enterprises and telcos accelerate adoption of 5G. Our market-leading O-RAN solutions and managed services offerings, combined with the power of Microsoft’s Azure private MEC offering, will play an important role in delivering 5G solutions to market, enabling rich customer experiences at the convergence of 5G, digital, and the edge.”—Shingo Mizuno, Corporate Executive Officer, Fujitsu Limited
"We are entering a new era of enterprise digital transformation that will be fueled by private networks, edge computing, secure access service edge, and amplification of industry-specific applications. Along with Microsoft, we are making it easy for enterprises to order, provision, and consume full suite of infrastructure capabilities and applications—the cloud way"—Manish Mangal, Global Head of 5G and Network Services, Tech Mahindra

Delivering the value of cloud to the edge for enterprises with MEC solutions

In June 2021, we announced a new category, the Azure private MEC. Today we extend this MEC category with the introduction of Azure public MEC solution. An evolution of Azure Edge Zones with an operator, the Azure public MEC solution integrates Azure compute and services with mobile operator 5G connectivity, elevating application performance at the operator edge. Through the Azure private and public MEC solutions, we are collaborating and co-innovating with operators and system integrators, as well as bringing the broader technology and developer ecosystem to deliver innovative solutions that meet enterprise needs at the edge.

Azure public MEC

With Azure public MEC, we are collaborating with strategic operators to enable enterprises and developers to deliver innovative high-performance, low-latency applications at the operator edge, using operators’ public 5G network connectivity. Applications that run on Azure public MEC offer customers the unique ability to analyze data closer to where it is being captured from users and edge-enabled devices (such as industrial IoT devices, cars, and smartphones). The resulting timely, detailed insights pave the way for proactive responses to and solutions for real-world enterprise problems.

With Azure public MEC, enterprises and developers can select the low-latency components they need from the cloud to deliver at the edge while managing everything else in the cloud. This level of flexibility allows customers to rapidly deploy innovative MEC solutions, increasing efficiency, and optimizing costs by reducing the need for on-premises servers and the amount of traffic to the public cloud.

We are co-innovating with global strategic operators and independent software vendors (ISVs) to deliver public MEC solutions across the globe. We recently announced Azure public MEC with AT&T and Azure public MEC with Singtel, and others to follow. We are also working with many ISV partners to offer innovative networking, security, and low-latency applications that meet enterprise needs. Check out demos with Checkpoint, Couchbase, Game Cloud, Summit Tech, and VMware to learn how these partners are delivering innovative solutions at the edge with Azure public MEC.

Our partners in their own words

Partners are at the heart of what we do at Microsoft. Through strategic collaborations and scale ecosystem engagements, we are working with operators, system integrators, technology partners, and solutions partners to build innovative solutions that enable the telecommunications industry transformation. Read and watch what some of our partners are saying about working with Microsoft to deliver innovative solutions to capitalize on the promise of 5G for next-generation business outcomes.

“Combining the high bandwidth and low latency of 5G with cloud and edge compute capabilities opens an entirely new world of opportunities for businesses and other organizations to serve their customers in new ways. This will enable entirely new use cases in manufacturing, retail, health care, automotive, touching virtually every industry vertical. AT&T’s collaboration with Microsoft is about enabling organizations to harness the power of 5G, cloud and edge quickly with the ability to scale on demand.”—Rasesh Patel, Executive Vice President, and Chief Product and Platform Officer, AT&T

“This unique solution by Singtel and Microsoft leverages the strength and performance of Singtel's innovative edge cloud platform to deliver assured low latency, high throughput, intelligent connectivity, data analytics, and AI services to enterprises. This enables enterprises to accelerate their digital transformation journeys through adopting advanced technologies such as autonomous robots, vehicles, and drones, as well as Metaverse applications, into their enterprise operations through a single unified platform.”—Bill Chang, CEO, Group Enterprise, Singtel

Telstra announced customer trials of Australia’s first 5G-enabled edge compute solution for enterprises (Branch Offload) through a collaboration with Microsoft and Ericsson that will use technologies including Telstra’s 5G and fixed connectivity, Azure Stack Edge, Secure Edge, SD-WAN and service orchestration, and will be delivered as a managed service by Telstra Purple. Nikos Katinakis, Telstra’s Group Executive for Networks and IT said, “Telstra’s collaboration with our major strategic partners, Microsoft and Ericsson, continues to enable us to break new ground, leveraging new technologies and our smarter network to standardize solutions and that will help Australian businesses adapt for the digital future.”

“Technical trials demonstrated how Azure public MEC and AT&T’s 5G mobile network-enabled Summit Tech’s Odience 360 8K live streaming platform with built-in e-commerce to bring immersive and interactive experiences to use cases such as shopping, live concerts, sports stadiums, and eSports. MEC video processing yielded up to 80 percent bandwidth reduction, imperceptible motion-to-photon delay, and impressive glass-to-glass low latency for true two-way interactivity. Check out the demo video to learn more."—Doug Makishima, Chief Sales, and Marketing Officer (CSMO), Summit Tech

"As the requirements of modern applications continue to evolve, Couchbase is collaborating with Microsoft and Azure public MEC to bring the cloud and the edge closer together for customers. Azure public MEC and Couchbase’s modern database enables developers to build next-gen edge use cases."—Matt McDonough, SVP Business Development and Strategy, Couchbase

Watch this ISV testimonial to hear from Citrix, Spirent, Game Cloud, VMware, and Fortinet about how they are working with Microsoft to build and deliver public MEC solutions.

Get started

With Azure for Operators, we’re committed to empowering operators, the partners ecosystem, enterprises, and developers to achieve more.

Connecting with us about Azure Operator Distributed Services

Operators, partners, and customers who want to learn more about Azure Operator Distributed Services, contact us today.

Connecting with us about Azure Operator 5G Core

Operators, partners, and customers who want to learn more about Azure Operator 5G Core, contact us today.

Connecting with us about Azure private MEC and the Azure Private 5G Core

Connect with us to build MEC solutions with Azure private MEC and Azure Private 5G Core. Operators and SIs interested in partnering with Microsoft to deploy and manage customers’ Azure private MEC solutions can get started by joining the Azure private MEC MSP program. For operators or systems integrators interested in offering the Azure Private 5G Core service to your enterprise customers, you can get started by reaching out to the Azure Private 5G Core team.

Connecting with us about Azure public MEC

We are fully committed to enabling enterprises and developers to take full advantage of low latency 5G integration on public MEC. To learn more and engage with us to build the next-generation enterprise applications, we invite enterprises and developers to contact us. ISV partners, connect with us to solve customer challenges together.
Quelle: Azure

Seamless integration of Logz.io observability platform with Microsoft Azure

When your solution is operating at cloud speed and scale you need to be able to spot problems as they arise (ideally before they impact the customer), respond quickly and resolve them as quickly as possible. If you are building and have cloud-native applications in form of microservices, serverless, and container technologies, tracing an event to its origin, and identifying the root cause is not trivial.

Observability solutions allow you to monitor modern systems more effectively and help you find and connect effects in a complex chain and trace them back to their cause. It gives your DevOps, site reliability engineers (SREs), and developers visibility into the entire architecture. Observability solutions achieve this by collecting logs, metrics, and traces, and using machine learning to extract insights.

At Microsoft, in addition to providing native observability solutions such as Azure Monitor, we work closely with the open-source community and partners to provide popular observability solutions for you to choose the observability solution of your choice.

We have partnered with Logz.io to build Logz.io for Microsoft Azure which makes it easy to ship your log data to Logz.io in minutes without deploying any new code. From within Azure, you can deploy Logz.io resources and choose which logs they want to send to Logz.io for storage and analysis. This includes activity logs, data from multiple Azure resources, and log files from virtual machines. Before the integration, Logz.io customers were expected to instantiate EventHub in their subscription and use Azure functions to send data from Azure resources to the Logz.io account.

Logz.io provides a cloud-native observability platform that centralizes log, metric, and tracing analytics in one place, so you can monitor the health and performance of your Azure environment. It uses open source monitoring tools including ELK, Prometheus, and Jaeger—and unifies them into a scalable observability platform.

“Our partnership with Logz.io will accelerate innovation within the engineering community, enabling teams to seamlessly launch Logz.io observability tools, and rapidly build and monitor their products, while providing customers with a centralized portal management for billing and support for their Azure Deployments.”—Julia Liuson, President, Microsoft Developer Division

“This partnership represents a massive opportunity for engineering and DevOps teams to build and optimize their mission-critical applications using the open-source tools they love,” said Tomer Levy, Founder and CEO at Logz.io. “By creating a seamless, low friction way to utilize Logz.io in the Azure environment and streamline the entire process, we believe that this native integration, offered through Azure Marketplace will become a de facto resource for many new and existing customers.”

With Logz.io for Azure’s unified experience, you will be able to:

Provision a new Logz.io account from Azure client interfaces like Azure Portal Azure PowerShell and SDK.

Streamline single-sign on (SSO) to Logz.io—a separate sign-on from the Logz.io portal is no longer required.

Configure their Azure resources to send logs to Logz.io—a fully managed setup with no infrastructure for customers to setup and operate.

Seamlessly send logs and metrics to Logz.io. Today, customers must set up event hubs and write Azure Functions to receive logs from Azure Monitor and send them to Logz.io.
Easily install the Logz.io agent on virtual machines hosts through a single-click.

Get unified billing of Logz.io SaaS through Azure subscription invoicing.

Next steps

Try out this new service, “Logz.io for Azure” via the Azure Marketplace.
Learn more about Logz.io for Azure.

Quelle: Azure

Observability from cloud to edge in Azure

This post is co-authored by Rahul Bagaria, Principal Product Manager, Azure Monitor Customer Success

Our customers are transforming their digital environments, whether migrating workloads to Azure, building new cloud-native apps, or unlocking new scenarios at the edge. As they combine these strategies to meet their business needs, they must also maintain their existing environments. It’s critical that customers can monitor the health, performance, and security of their mission-critical systems, and an observability solution is a best practice for streamlined well-governed management.

With Azure Monitor, our approach to observability centers on simplicity. We know from our customers how important it is to have monitoring available out-of-the-box and to easily get started with samples and recommendations including effective alerts, optimal queries, and customizable reports. To ensure that you can monitor your largest production workloads anywhere in a trustworthy manner, we have designed our data platform to handle thousands of terabytes of data per day easily and reliably. We also understand that our customers have their workloads in Azure, their on-premises datacenters, edge, and multi-cloud environments, and thus extend Azure Monitor through Azure Arc so that our customers have the flexibility to run their applications anywhere and monitor or manage them effectively.

With 99 percent of the top 1,000 Azure customers using advanced capabilities of Azure Monitor, large enterprises using Azure offer a master class in well-monitored environments across cloud, on-premises datacenters, and the edge. As customers including Ernst & Young, Nokia, LinkedIn, Mercedes Benz, and Asos.com trust Azure Monitor for their observability needs, several themes emerge for companies of all sizes to be successful in building a well-monitored environment.

Ability to observe at any level across the stack and get deep insights

Rich insights: You can take advantage of curated visualizations, reports, and diagnostic tools for specific resources, using insights from Azure Monitor. Application Insights provides application performance management (APM) capabilities, and you can use VM insights, Container insights, or Network Insights (and many more) for infrastructure monitoring.
Distributed tracing: Tracing is a key pillar of observability, and with Azure Monitor, you can easily correlate transactions end-to-end from apps to dependencies to infrastructure. There are multiple topology views built-in like Application Map, VM Map, and Network Map for you to visualize the architecture or drill down on transactions. With our investments in OpenTelemetry, we are starting to add support for vendor-agnostic tracing as well.
Log analytics: The heart of Azure Monitor is our powerful centralized logs platform which stores together all logs in Azure across monitoring, security, and management. You can even send your own custom logs, define schemas and transforms, and take advantage of the full power of log analytics. You get a rich query language (KQL) capable of correlations, troubleshooting, analytics, and even AIOps. This platform also powers the security monitoring and SIEM scenarios in Azure with Microsoft Sentinel and Defender for Cloud.

Open and extensible platform for partners and customers to innovate

Partners and integrations: While Azure Monitor provides rich observability and analytics capabilities, as a customer you have a choice to use any monitoring or analytics solution that suits your requirements, and we will fully support that from the platform. We integrate data from Azure resources with partner solutions like Datadog and Elastic (now natively available in Azure) using the same underlying platform that powers our experiences. We also provide hooks for you to export data, connect alerts with ITSM systems, or shift left by incorporating monitoring within your DevOps toolchains.
Open-source solutions: If you need to use open-source metrics or logging solutions alongside Azure Monitor, we support multiple CNCF (Cloud Native Compute Foundation) projects. You can seamlessly scrape Prometheus metrics for Kubernetes clusters with Container insights, and there is a Logstash output plugin for sending custom logs to Azure Monitor.
Operational dashboarding: Beyond the dashboarding and reporting capabilities natively available in Azure, Grafana provides a very rich single-pane-of-glass visualization solution for multi-cloud environments. Azure Monitor is natively part of the core Grafana software with a variety of dashboarding templates that you can build on.

Enterprise-ready for mission-critical scenarios

Privacy: Azure Monitor is fully GDPR compliant and does not collect any PII out-of-the-box. We do support data purging on request. Lockbox protection allows you to control access to any data you are collecting requests during support incidents.
Security: For all your logs in Azure Monitor, we provide data encryption at rest with customer-managed keys (CMK) in your Azure Key Vaults. There is even more security at the infrastructure level with 256-bit AES encryptions. You can take advantage of private links support to connect securely to any of your private network endpoints. To ensure further trust and data security, we recommend you configure agents to use at least Transport Layer Security (TLS) 1.2, and if needed, ingest Azure Active Directory authenticated logs into Azure Monitor.
Compliance: We provide many capabilities to help you meet any compliance requirements in your organization, industry, or geography. You can leverage activity logs and audit logs for security compliance and retain or archive specific data for long durations (up to 7 years) as needed, with additional support for data immutability (in Azure Storage). Overall, we comply with most of the data residency and sovereignty requirements and are even targeting to support Schrems II very soon.

For a more in-depth look at Azure and observability, you can learn more about monitoring best practices for your cloud and edge environments with our dedicated guidance cookbooks; we welcome you to reach out to us with any questions or feedback on our Tech Community.
Quelle: Azure

Azure Spring Cloud Enterprise is now available in preview

When we launched Azure Spring Cloud with VMware in 2019, we set out to solve common challenges developers, IT operators, and DevOps teams face when running Spring Boot applications at scale. Since then we’ve had the opportunity to work with many customers to help them adopt the service including Bosch, Digital Realty, Kroger, Liantis, Morgan Stanley, National Life, Raley’s, and Swiss Re. They value the fully managed infrastructure of Azure Spring Cloud that lets them focus on their apps, while the service manages dynamic scaling, security patching, out-of-the-box instrumentation for monitoring, and more.

Many organizations are running thousands of Spring Boot applications on-premises and need advanced capabilities to accelerate their Spring modernization projects. Based on our learnings from customer engagements, we built a new Azure Spring Cloud tier—Enterprise—that we announced at SpringOne 2021. Azure Spring Cloud Enterprise includes commercially supported Spring runtime components to help enterprise customers ship faster and unlock Spring’s full potential. We are thankful to the many customers and partners who shared their learnings and helped shaped Enterprise tier, and we are excited to announce that Azure Spring Cloud Enterprise is now available in preview for all customers.

Azure Spring Cloud Enterprise represents our continued collaboration with VMware to combine Microsoft’s cloud platform expertise with VMware’s innovative Tanzu portfolio. We’re also committed to making it an application platform where you can deploy polyglot applications that are inherently portable across any Azure service, any cloud, or any on-premises system. With Azure Spring Cloud Enterprise, you gain productivity and access to Spring experts for Spring app development and deployments. Azure Spring Cloud Enterprise builds on top of all the features available in the Standard tier, including the ability to leverage the broader Azure ecosystem to supercharge your Spring Boot applications.

Figure 1: Azure Spring Cloud tier selection now includes Enterprise

Ship faster

Deploy and manage Spring and polyglot applications

The fully managed VMware Tanzu Build Service in Azure Spring Cloud Enterprise automates container creation, management, and governance at enterprise scale using open source Cloud Native Buildpacks and commercial VMware Tanzu Buildpacks. Tanzu Build Service offers a higher-level abstraction for building apps and provides a balance of control that reduces the operational burden on developers and supports enterprise IT operators who manage applications at scale. You can configure what Buildpacks to apply and build Spring applications and polyglot applications that run alongside Spring applications on Azure Spring Cloud.

Tanzu Buildpacks make it easier to build Spring, Java, NodeJS, Python, Go, and .NET Core applications and configure application performance monitoring agents such as Application Insights, New Relic, Dynatrace, AppDynamics, and Elastic.

Effortlessly route client requests to applications

You can easily manage and discover request routes and APIs exposed by applications using the fully managed Spring Cloud Gateway for VMware Tanzu and API portal for VMware Tanzu.

Spring Cloud Gateway for Tanzu effectively routes diverse client requests to applications in Azure Spring Cloud, Azure, and/or on-premises, and addresses cross-cutting considerations for applications behind the Gateway such as securing, routing, rate limiting, caching, monitoring, resiliency, and hiding applications. You can configure:

Single sign-on integration with your preferred identity provider without any additional code or dependencies.
Dynamic routing rules to applications without any application redeployment.
Request throttling without any backing services.

API portal for VMware Tanzu provides API consumers the ability to find and view API route details exposed by Spring Cloud Gateway for Tanzu and test API requests.

Figure 2: Fully managed Spring Cloud Gateway for Tanzu routes diverse client requests to applications in Azure Spring Cloud, Azure, and/or on-premises systems

Figure 3: API portal for VMware Tanzu visualizes APIs that are accessible from Spring Cloud Gateway for Tanzu and other OpenAPI-compliant sources

Flexible and configurable VMware Tanzu components

With Azure Spring Cloud Enterprise, customers can use fully managed VMware Tanzu components on Azure. Customers can select which VMware Tanzu components they want to use in their environment during Enterprise instance creation. Tanzu Build Service, Spring Cloud Gateway for Tanzu, API portal for VMware Tanzu, Application Configuration Service for VMware Tanzu, and VMware Tanzu Service Registry are available during the preview.

VMware Tanzu components deliver increased value to customers such that you can:

Grow your enterprise-grade application portfolio from a few applications to thousands with end-to-end observability while delegating operational complexity to Microsoft and VMware.
Lift and shift Spring applications across Azure Spring Cloud and any other compute environment.
Control your build dependencies, deploy polyglot applications, and deploy Spring Cloud middleware components as needed.

Microsoft and VMware will continue to add more enterprise-grade features, including Tanzu components such as Application Live View for VMware Tanzu, Application Accelerator for VMware Tanzu, and Spring Cloud Data Flow for VMware Tanzu¹.

Unlock Spring’s full potential with Long-Term Support (LTS)

Azure Spring Cloud Enterprise includes VMware Spring Runtime Support for application development and deployments. This support gives you access to Spring experts, enabling you to unlock the full potential of the Spring ecosystem and develop and deploy applications faster.

Figure 4: Do more with Spring framework through world-class support for Spring projects

Typically, open source Spring project minor releases are supported for a minimum of 12 months from the date of the initial release. In Azure Spring Cloud Enterprise, Spring project minor releases will receive commercial support for a minimum of 24 months² from the date of initial release through the VMware Spring Runtime Support entitlement. This extended support ensures the security and stability of your Spring application portfolio even after the open source end-of-life dates.

Figure 5: Commercial support timeline for Spring Boot

Fully integrated into the Azure and the Java ecosystem

Azure Spring Cloud, including Enterprise tier, runs on Azure in a fully managed environment. You get all the benefits of Azure and the Java ecosystem, and the experience is familiar and intuitive.

Common development practices
Azure ecosystem

Create service instances using a provisioning tool
Azure Portal, CLI, ARM Template, Bicep, or Terraform

Automate environments and application deployments
GitHub, Azure DevOps, GitLab, and Jenkins

Monitor end-to-end using any tool and platform
Application Insights, Azure Log Analytics, Splunk, Elastic, New Relic, Dynatrace, or AppDynamics

Connect Spring applications and interact with your cloud services
Spring integrations with Azure services for data, messaging, eventing, cache, storage, and directories

Securely load app secrets and certificates
Azure Key Vault

Use familiar development tools
IntelliJ, VS Code, Eclipse, Spring Tool Suite, Maven, or Gradle

For example, after you create your Enterprise service instance and deploy your applications, you can easily monitor with Application Insights or any other application performance management tools of your choice.

Figure 6: Application Transactions visible through Application Insights Application Map

Get started today

Azure Spring Cloud Enterprise delivers even more productivity, and you can leverage Spring experts to make your projects even more successful. We would love to see you try Enterprise and share your feedback—get started today.

You can also learn more about the Azure Spring Cloud Enterprise preview announcement by VMware.

¹The Azure Spring Cloud Enterprise roadmap is not confirmed and is subject to change.

²You can find the current support timelines for Spring projects.
Quelle: Azure

Microsoft Azure’s first Azure HPC + AI Day

Welcome to our first Azure HPC + AI Day! We’re excited to host the first event, which will soon become an annual tradition. Join us on February 24 and 25 to hear directly from the Microsoft Azure team and earn points by attending sessions to get one of its kind Azure HPC + AI Day swag. Tune into a customer panel and learn how to start up an environment with our hands-on lab. It’s bound to be a great time, and we can’t wait to meet you there.

Register now for Azure HPC + AI Day.

Join us from anywhere

For full access to the entire event, make sure to register for the full experience, where you can tune in to live sessions, watch our on-demand content, check out some additional resources, try to win some swag, and take part in our hands-on labs.

Can’t get to the full event? Many of our sessions on February 24 will also be broadcast on LinkedIn. Watch from anywhere, and still get a chance to hear what’s coming and have the opportunity to ask our customers questions in the panel.

Look forward to these sessions

Day one

Start time

Title

9:00 – 9:30 AM PT

Azure HPC + AI keynote

9:30 – 10:00 AM PT

AI Infra Platform strategy

10:00 – 10:30 AM PT

Azure HPC + AI software strategy

10:45 – 11:45 AM PT

Topic breakouts sessions

12:00 – 1:00 PM PT

Customer panel

Topic breakouts

Title

Building a successful SaaS solution for Massive Scale Actuarial Modelling: An end-to-end Azure solution

Cloud versus on-premises considerations

How to onboard as a HPC partner

Day two

Start time

Title

9:00 – 9:45 AM PT

HPC Operations—Azure, the best place to run HPC in the cloud

10:00 AM – 12:00 PM PT

IT Operator hands-on lab using on az-hop

10:00 AM – 11:30 PM PT

Journey from on-premises to cloud: Story by Ansys

12:15 – 2:15 PM PT

Engineer hands-on lab using az-hop

Hear directly from customers

Join us on February 24 at 12:00 PM PT to hear directly from our customers about their experiences. Available on both platforms, be ready to hear about their experiences working in the cloud, the incredible projects they’ve been working on, and what the future holds. Don’t forget to ask questions.

Customers present

Jellyfish Pictures
Vestas
University of Bath
Kensington Mortgages
AMD

Time to roll up your sleeves—with help

On February 25, get ready to roll up your sleeves and work in Azure. We’ll have two hands-on labs guided by Microsoft experts. In the IT operator hands-on lab, you'll get the chance to understand and build from scratch an end-to-end high-performance computing (HPC) cluster in Azure with autoscaling compute nodes, a web portal, a lustre file system, and remote visualization nodes. Later in the day in the Engineering hands-on lab, you’ll then get the opportunity to run a typical HPC workload and visualize the end results.

Big moments in 2021

Jellyfish Pictures needed to enable secure remote access to immense computing power to render visual effects and animation sequences. They were able to use Azure to gain burst rendering on up to 90,000 processor cores in the cloud, gaining a 70 percent boost in capacity and the freedom to work from anywhere.

Global leader in sustainable energy solutions Vestas Wind Systems A/S wanted to optimize wind energy production by reducing the negative impact of turbine wakes. Working with Microsoft Azure and minds.ai, Vestas is now able to generate simulations to help wind farms mitigate wake effect, generate more wind energy, and build a more sustainable and prosperous energy future.

AMD needed more computing power and burst capacity to easily handle spikes in demand, optimize its own processes, and accelerate in market. Drawing on the power and flexibility it gained with Azure HPC, AMD has eliminated weeks and even months of delay, reducing procurement times and overall job times. It’s matching and exceeding on-premises performance and is now getting daily visibility into reports.

In the midst of COVID-19 the need for a way to get faster test results, Sensyne Health developed its MagnifEye solution, a mobile app that uses a device’s camera to capture the LFT stick image and read it in tenths of seconds with a stunning 99.6 percent accuracy rate.

Previous launches in 2021

NDm A100 v4 series virtual machines now generally available

In November, we announced the general availability of the new NDm A100 v4 series virtual machines (VMs). This new series built on the ND A100 v4 announced in June and expanded Azure’s leadership-class AI supercomputing scalability in the public cloud. The new high-memory NDm A100 v4 for data-intensive GPU compute workloads reaffirms Microsoft’s commitment to rapidly adopting and shipping the latest scale-up and scale-out GPU accelerator technologies to the public cloud.

Read more in the launch announcement.

Learn more

Register for Azure HPC + AI Day.
Learn more about Azure HPC + AI.
Learn more about our recently launched Digital Certification program with Cap Gemini focusing on NIVIDA GPU-powered Azure virtual machines.
Azure HBv3 virtual machines for HPC, now up to 80 percent faster with AMD Milan-X CPUs.

Quelle: Azure

Advancing Azure Virtual Machine availability monitoring with Project Flash

“As we head into the fourth calendar year of the Advancing Reliability blog series, empowering organizations to run their workloads reliably on Azure remains one of our top priorities. We continually invest in evolving the Azure platform to help achieve this on a daily basis. Your ability to monitor virtual machine (VM) availability in a robust and comprehensive way is paramount to ensuring that your applications are available and resilient. For today’s post in the series, I have asked Program Manager, Pujitha Desiraju, from our Azure Core Platform Fundamentals Engineering team to talk about the latest observability enhancements for VM availability monitoring, as well as planned investments to deliver the best monitoring experience.”—Mark Russinovich, CTO, Azure

 

This post was co-authored by Principal Software Engineering Manager, Gaurav Jagtiani.

Flash, as the project is internally known, is a collection of efforts across Azure Engineering, that aims to evolve Azure’s virtual machine (VM) availability monitoring ecosystem into a centralized, holistic, and intelligible solution customers can rely on to meet their specific observability needs. Today, we’re excited to announce the completion of the project’s first two milestones—the preview of VM availability data in Azure Resource Graph, and the private preview of a VM availability metric in Azure Monitor.

What is Project Flash?

Project Flash derives its name from our commitment to building robust and rapid ways to monitor virtual machine (VM) availability as comprehensively as possible—a key prerequisite for efficient application performance. It’s our mission to ensure you can:

Consume accurate and actionable data on VM availability disruptions (for example, VM reboots and restarts, application freezes due to network driver updates, and 30-second host OS updates), along with precise failure details (for example, platform versus user-initiated, reboot versus freeze, planned versus unplanned).
Analyze and alert on trends in VM availability for quick debugging and month-over-month reporting.
Periodically monitor data at scale and build custom dashboards to stay updated on the latest availability states of all resources.
Receive automated root cause analyses (RCAs) detailing impacted VMs, downtime cause and duration, consequent fixes, and similar—all to enable targeted investigations and post-mortem analyses.
Receive instantaneous notifications on critical changes in VM availability to quickly trigger remediation actions and prevent end-user impact.
Dynamically tailor and automate platform recovery policies, based on ever-changing workload sensitivities and failover needs.

With these goals in mind, we’ve divided our execution strategy into two phases—a near-term phase to meet critical current needs, and a long-term phase to deliver the best VM availability monitoring experience. This two-phased approach helps us continually bridge gaps, iterate on service quality, and learn from your feedback at every step along the way.

Announcing new monitoring options

For the first phase, we are providing different options to enable convenient access to VM availability data to address a range of observability needs. We aim to maintain data consistency with similar rigorous quality standards across all of these existing features and solutions, like Resource Health or Activity Log, to deliver a consistent view agnostic of the solution you choose.

Introducing at-scale analysis for VM availability

Today, we’re excited to reach our first Project Flash milestone—with the preview release of VM availability states in Azure Resource Graph for at-scale programmatic consumption.

Azure Resource Graph is a service in Azure that is extensively adopted for its efficient ability to query across many subscriptions, all at once and at low latencies. We’re currently emitting VM availability states (Available, Unavailable, and Unknown) to the Health Resources table in Azure Resource Graph, so you can perform complex Kusto Query Language (KQL) queries for sieving through large datasets at once. This functionality is handy for tracking historical changes in VM availability, for building custom dashboards, and for performing detailed investigations across numerous resource properties spread across multiple tables.

Figure 1: Azure Resource Graph Explorer Window with query and results, to demonstrate fetching data from the HealthResources table.

We are planning to add failure details and degraded VM scenarios to the Health Resources table in Azure Resource Graph, later this year. These details will ensure you are properly informed on the cause and impact of any failures—so you can either failover, reboot in place, or take the appropriate mitigations to prevent end-user impact.

Navigate to Azure Resource Graph Explorer on the Azure portal to get started with any of the KQL queries published for the Health Resources table.

Introducing VM availability metric in Azure Monitor

We’re also pleased to announce the private preview of an out-of-box VM availability metric in Azure Monitor, for a curated metric alerting and monitoring experience.

Metrics in Azure Monitor are great for monitoring and analyzing time series representations of VM availability for quick and easy debugging, receiving scoped alerts on concerning trends, catching early indicators of degraded availability, correlating with other platform metrics, and more.

The metric allows you to track the pulse of your VMs—during expected behavior, the metric displays a value of 1. In response to any VM availability disruptions, the metric dips to a 0 for the duration of impact. In case of an Azure infrastructure outage, we will emit nulls represented as a dotted line on the portal.

Figure 2: Screenshot of VM availability metric as seen on Metrics Explorer in the Azure portal, with occasional dips to reflect VM availability disruptions.

We released the private preview of the metric as phase one of our rollout plan, and are currently collecting customer feedback, to further improve our offering. We are planning to add failure details such as metric dimensions and platform logs next year, to allow you to precisely alert on failure scenarios that are impactful.

Coming soon

The two monitoring options introduced above are just the beginning for Project Flash! We will continue to build upon our existing solutions by improving data quality and failure attribution. In parallel, we are designing two new monitoring offerings to meet your latency and mitigation needs, while also investing heavily in the underlying platform to make our fault detection more resilient and comprehensive.

Azure Event Grid for instantaneous notifications

Successfully running business-critical applications requires hyper-awareness of any VM availability impacting event, so remediation actions can be triggered instantaneously to prevent end-user impact. To support you in your daily operations, we are planning to design a notification mechanism that leverages the low-latency technology of Azure Event Grid. This will allow you to simply subscribe to an Event Grid system topic, and route scoped events via event handlers to any downstream tooling, instantaneously.

Automate and tailor platform recovery policies

Considering the numerous ongoing investments to improve your VM availability monitoring experience, Project Flash intends to empower you even further by providing you knobs to customize recovery policies triggered by the platform, in response to cases of VM availability disruptions.

One such knob we are designing is the ability to opt-out of Service Healing for single-instance VMs, in response to a specific set of unanticipated Availability disruptions. This knob will be made available via the portal or at the time of VM deployment and can be updated dynamically. Note that leveraging this feature will render the usual Azure Virtual Machine availability SLAs ineffective.

In the future, we will explore introducing knobs to also opt-out of other applicable recovery policies (for example, Live Migration or Tardigrade), to ensure you can easily adapt to your ever-changing mitigation needs.

Ongoing platform quality investments

While the first phase is designed to meet your current observability needs, we remain focused on our long-term goal of delivering a world-class observability experience surrounding VM availability. We are extremely excited for all the data enrichments and technology advancements that will contribute to this experience, so here’s an early look at our roadmap of planned investments:

Fault detection and attribution: We are continuously evolving our underlying infrastructure to detect and attribute failures both precisely and instantaneously—so that we can reduce unknown or missing health status reports, emit actionable failure details, and handle platform recovery customizations. This remains our top investment area on which we continue to iterate every cycle.
Root cause analysis (RCA) automation: We are planning to implement easy tracking mechanisms for every unique VM downtime, along with automatic construction and emission of detailed downtime RCA statements to reduce manual tracking and churn on your end.
AIOps integration: We are looking to leverage the tremendous advancements being made in AIOps across Microsoft, for enabling smart insights and anomaly detection and diagnosis across the multitude of data points on VM Availability.
Centralized and cohesive user experience: We acknowledge that a consequence of our near-term approach is that across our different services we have multiple monitoring, alerting, and recovery tools which may lead to a confusing and disparate experience for you. This is a problem we intend to solve with our final phase. Our north star goal is to provide end-users access to distinct and necessary representations of VM availability, consolidated within Azure Monitor, and categorized according to common usage patterns for discoverability, ease of use and intuitive onboarding.

Learn more

This list is certainly not exhaustive as we have multiple enrichments planned as part of our long-term strategy. To reiterate, our intention with Project Flash is to make VM availability monitoring extremely intuitive, comprehensive, and seamless—so you are always prepared for and informed about any changes in the health of your workloads, ultimately to maintain your own SLAs and business promises.

We will continue to share updates on Project Flash through blogs like this, to ensure you stay up to date on the latest. Stay tuned!
Quelle: Azure