Kategorie: Microsoft Azure

Save up to 76 percent on Azure Synapse Analytics and gain breathtaking insights of your ERP data

To help customers save on data warehouse migration costs and accelerate time-to-insight on critical SAP data, we are announcing two new analytics offers from Azure Synapse Analytics.

Business disruptions, tactical pivots, and remote work have all emphasized the critical role analytics plays for every organization. Uncharted situations demand charted performance insights, so businesses can quickly determine what is and is not working. In recent months, the urgency for these business-guiding insights has only been heightened—leading to a need for real-time analytics solutions. And equally important is the need to discover and share these insights in the most cost-effective manner.

Azure Synapse has you covered. It is the undisputed leader in price-performance and when compared to other cloud providers is up to 14 times faster and costs 94 percent less. In fact, businesses using Azure Synapse today report an average ROI of 271 percent.

To help customers get started today, we are announcing the following new offers aimed at empowering businesses to act now wherever they are on their cloud analytics journey.

Save up to 76 percent when migrating to Azure Synapse

For customers that use an on-premises data warehouse, migrating to the cloud offers both significant cost savings and accelerated access to innovative features. Today, customers experience cost savings with our existing reserved capacity discount for cloud data warehousing with Azure Synapse. To boost these cost savings further, today we are announcing a new limited time offer that provides additional savings on top of the existing reserved capacity discount—enabling qualifying customers who currently use an on-premises data warehouse to save up to 76 percent when migrating to Azure Synapse.

To learn more about the terms and conditions and the qualification criteria of this offer, contact your Microsoft account representative. The migration offer is available until January 31, 2021.

Gain breathtaking insights of your ERP data with new offering from Azure, Power BI, and Qlik Data Integration

For companies worldwide, SAP data is at the core of their business applications—housing critical information on sales, manufacturing, and financial processes. However, due to the inherent complexity of SAP systems, many organizations struggle to integrate SAP data into modern analytics projects. To enable businesses to gain real-time insights from their SAP data, we are announcing a new joint offer with Qlik (formerly Attunity) that brings Azure Synapse, Power BI, and Qlik Data Integration together for end-to-end supply chain intelligence, finance analytics, and more.

With this new offer, customers can now work with Azure, Power BI, and Qlik Data Integration to easily understand how to enable real-time insights on SAP data through a robust proof of value. This joint proof-of-value offer provides customers a free solution architecture workshop, software subscriptions, and hands-on technical expertise from dedicated personnel and resources from both Microsoft and Qlik.

To learn more about this joint offer and how to apply, register for the upcoming webinar.

Get started today

Register for the webinar, Gain Real-Time SAP Data Insights with Azure Synapse Analytics, airing July 30, 2020 at 10:00 AM PT.
Try the new Azure Synapse features and  create an Azure Synapse workspace in minutes.
Learn more about the new joint offer, Unleash your SAP data with Microsoft and Qlik.

 

 

Migration offer details

The Azure Synapse Analytics reserved capacity plan for data warehousing (formerly SQL Data Warehouse) already enables customers to save up to 65 percent over pay-as-you-go pricing when they pre-pay for a three-year commitment. With this new migration offer, we are adding an extra 33 percent discount for three-year pre-commits that spend over $60,000/ year in year 2 and year 3 on SQL Data Warehouse Compute Optimized Gen2. Terms and conditions apply and can be discussed in full with your Microsoft account representative. More information on the Azure Synapse Analytics (formerly SQL Data Warehouse) reserved capacity plan can be found on the pricing page.

 

 

Quelle: Azure

Azure Partner Zone brings new resources and special events for Partners

On July 1, 2020, the Microsoft Azure team launched a new experience for Azure Partners on Azure Partner Zone. The site will feature the latest news, resources, and content to help partners stay abreast of emerging trends, learn about new products and features, and find the tools needed to build a thriving Azure practice.

In addition to the new web experience for Azure Partners, engineering and marketing teams across Azure will be hosting special events for partners, designed to help build, scale, and secure your Azure practice. The most recent event was with industry experts, Service Leadership Inc, aimed at helping our IT Service Partners prepare and manage a new global economic climate. The webinar illustrated likely upcoming macro-economic scenarios, likely Service Provider revenue and profit paths through recovery, and suggested actions for Service Providers to maximize revenue, profit, and safety. Access to the event recording is available on Partner Zone.

The next event is an exclusive pre-Inspire workshop for Microsoft Partners on Monday, July 20. This full-day, eight-session series is an interactive experience for partners designed to help you build and scale managed services on Azure.  Hear from leadership about the future of Azure and learn how you can leverage our cloud-native management solution to reduce operational costs, generate new revenue opportunities, and expand the value of your offerings. 

Azure Management Workshop details

The Azure Management Workshop: An interactive journey for building, scaling, and optimizing your Azure practice using our one native management solution for Azure.

Monday, July 20 from 9 AM to 5 PM Eastern Time.

Sessions include:

Unplugged with Azure Leadership, an Interview with Julia White, CVP Azure Marketing and Erin Chapple, CVP Azure Compute.
Partnering to Drive Customer Success Pre-, During, and Post-Migration to Azure.
Building Scalable Managed Services on Azure with Azure Lighthouse.
Enabling Governance for Managed Services with Azure Policy.
Enabling Hybrid Managed Service Capabilities with Azure Arc.
Deploying Azure Managed Services at Scale Using ARM Templates.
Building and Scaling a Managed Security Practice on Azure Using Azure Sentinel and Azure Lighthouse. 
Taking the Next Step: Becoming an Azure Expert MSP.

Register today for this one-time event on Azure Partner Zone.

The relaunch of Azure Partner Zone

Azure Partner Zone will be updated regularly to help partners migrate existing applications to Azure, innovate with new apps, and enable customers for success. Explore the Practices pages to discover Azure services aligned to support each of these business needs and alleviate challenges. To learn more about each one and drill further into available training documentation, head over to the Solutions pages. You’ll also find a section for building a COVID-19 strategy, showcasing the best tools and resources to help you and your customers navigate this unchartered climate.

For extended education, check out the Training Library, Partner Resources Catalog, and Partner News Center. Here you can dive into self-paced learning for almost any Azure topic, plus find white papers, datasheets, infographics, videos, latest industry blogs, and more. If you are short on time, try the ‘save’ feature to post things to your Partner Zone profile for viewing or revisiting later on. Visitors who log in to the site with their LinkedIn profile can find saved content under View my Toolkit from the profile dropdown.

Partner Zone also helps partners stay connected to the Azure team through the year-round Partner Newsletter and Azure Partner Community. Newsletter subscribers will get early access to the latest news, events, and opportunities for partner engagement while the Azure Partner Community offers a place for partner-to-partner connections and direct communications with the Azure team.

Build and expand your Azure practice today and visit Azure Partner Zone.
Quelle: Azure

Azure Maps Power BI visual now in preview

The Azure Maps visual for Power BI will be releasing as a preview this week. Power BI is a powerful analysis and visualization tool. Azure Maps is an important tool for gaining geospatial context and insights that can be used in decision making.

This initial release includes the following visualization layers:

Bubble layer
3D bar chart layer
Reference layer
Custom tile layer
Real-time traffic overlay

In addition to these visualization layers, this visual also leverages built-in Power BI features, such as tooltips, color themes, as wells as filter and slicer support.

Bubble layer—represent location data as scaled circles

Bubble layers are a great way to represent location data as scaled circles on the map. Customers can use a linear scaling method or customize the scaling logic using a logarithmic or Cubic-Bezier curve. Additionally, users can pass a value into the legend field and have the fill color of the circles dynamically set; and, outline the circles with a single color or enable the high contrast outline option to have a high contrast variant of the fill color assigned to the circle to help ensure the circles are clearly visible regardless of which style the map is set to. Allowing the user to easily visualize two metrics for each location on the map, scale, and category.

For example, the following image shows bicycle accident locations in North Carolina. The color indicates the speed limit of the road the accident occurred on and the size is based on the number of individuals involved in the accident.

3D bar chart layer—visualize location data as 3D bars or cylinders

3D bar charts are useful for taking data to the next dimension by allowing visualization of location data as 3D bars or cylinders on the map. Users can tilt and rotate the map by holding down the right mouse button and dragging or use one of the navigation controls to view your data from different perspectives.

Similar to the bubble layer, the bar chart later can easily visualize two metrics at the same time using color and relative height. The following map displays store locations with bar heights representing the revenue generated from each location, colored by sales region.

Reference layer—overlay additional data layers to add more context

Power BI currently allows a single data set to be connected to a visual. However, when working with maps, its often desirable to be able to overlay additional data layers to add more context to a report. With this feature, a GeoJSON file containing custom location data can be uploaded and overlaid on the map. Properties in the GeoJSON file can be used to customize the style of the shapes.

For example, the following map image adds a GeoJSON file of census tract boundaries colored by population below a layer of addresses colored by real estate value. This provides insights on how population density is related to property values.

Custom tile layer—superimpose images on top of Azure Maps base map tiles

Overlay a custom tile layer on the map to add an additional layer of context. Tile layers allow you to superimpose images on top of Azure Maps base map tiles. Overlay weather data from the Azure Maps weather services or bring your own tile service.

The following map displays a bubble layer of sales data of store selling sunglasses above a tile layer showing current weather radar from Azure Maps. In this case, we can easily see that less sales of sunglasses are occurring where it is rain.

Real-time traffic overlay—see how traffic congestion relates to your data

Users can overlay real-time traffic flow data to see how traffic congestion relates to their data. For example, the following map is showing the position of field technicians rendered as a bubble layer on the map colored by their experience level and scaled by the amount of remaining time on their current job. Real-time traffic is overlaid on the map and provides a quick visual reference of which technicians are most likely be delayed getting to their next job due to traffic congestion.

Get started with the Azure Maps visual for Power BI

To get started using the Azure Maps visual, first enable it in the Power BI desktop app. To do this, open the options panel though File > Options and settings. Go to the Preview features options and select the Azure Maps visual. Once this is done you will also be able to use this visual in the Power BI website.

This is just the beginning! We have lots of exciting new features planned. Have a feature request? Let us know or vote for an existing request on our feedback site.

Learn more about the Azure Maps Power BI visual.
Quelle: Azure

Azure Files support and new updates in advanced threat protection for Azure Storage

A year ago we announced the general availability of advanced threat protection for Azure Storage, to help our customers better protect their data in blob containers from the growing risk of cyberattacks. Since then, advanced threat protection for Azure Storage has been protecting millions of storage accounts and helping customers to detect common threats such as malware, access from suspicious sources (including TOR exit nodes), data exfiltration activities, and more.

Today we’re excited to announce the preview of extending advanced threat protection for Azure Storage to support Azure Files and Azure Data Lake Storage Gen2 API, helping our customers to protect their data stored in file shares and data stores designed for enterprise big data analytics.

Growing demand to secure file shares and data lakes

More and more organizations are moving their data to the cloud, seeking better security and data protection, data modernization, and optimized cost and performance of IT operations. It’s expected that over 80 percent of enterprise workloads will be in the cloud by the end of 2020.

This growing demand has also increased the popularity of Azure Files Storage, which delivers secure, Server Message Block (SMB) based, fully managed cloud file shares that can also be cached on-premises for performance and compatibility.

With Azure Files, organizations get the added benefit of a secure storage infrastructure that is massively scalable, and globally available. Even with all these capabilities, it’s still essential to bolster cybersecurity, especially with the growing complexity and sophistication of cyberattacks.

In addition, we’re seeing the growing demand for data stores optimized for big data analytics, and the need to serve and manage massive amounts of data. Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob storage while focusing on performance, management and security, it supports serving multiple petabytes of information while sustaining hundreds of gigabits.

What’s included in advanced threat protection for Azure Files and ADLS Gen2 API

Advanced threat protection for Azure Storage provides an additional layer of security intelligence that provides alerts when it detects unusual and potentially harmful attempts to access or exploit your storage accounts. This layer of protection allows you to address threats without being a security expert or managing security monitoring systems.

Security alerts are triggered when anomalies in activity occur. These security alerts are integrated with Azure Security Center and are also sent via email to subscription administrators, with details of suspicious activity and recommendations on how to investigate and remediate threats.
 

Besides the built-in security of Azure file shares and data lakes, customers of advanced threat protection for Azure Storage also benefit from:

World-class algorithms that learn, profile, and detect unusual or suspicious activity in your file shares.
Actionable alerts in a centralized view in Azure Security Center with optional email notifications.
Integration with Azure Sentinel for efficient threat investigation.
Azure-native support for Azure Files with one click enablement from the Azure portal and with no need to modify your application code.

Get started today

We encourage you to try out advanced threat protection for Azure Storage and start detecting potential threats on your Azure Files shares and Azure Blob containers. Advanced threat protection for Azure Storage needs to be enabled on the storage accounts containing the files shares and blob containers you want to protect.

We recommend enabling advanced threat protection for Azure storage on the subscription level by following the instructions here: Configure advanced threat protection for Azure Storage.

Learn more about the pricing of advanced threat protection for Storage price in Azure Security Center pricing page.

For more information on Azure Security Center, please visit Azure Security Center web page.
Quelle: Azure

Making buildings smarter with Azure IoT

Commercial real estate developers, building owners, facilities management companies, and tenants have a huge opportunity to address, and solve for, the unique business challenges faced by their industry, by applying the Internet of Things (IoT) to buildings. For example, by leveraging data from IoT sensors and building management systems, companies can gain insights that enable them to save energy, reduce operational expenses, increase occupant comfort, and optimize space.

However, the COVID-19 crisis has presented a new set of challenges for developers, owners, and management companies. New forecasts show the smart building market size growing between 7.3 percent and 11.6 percent annually to overall market revenues of between $65.2 billion and $82.7 billion USD in 2025.1

Smart buildings also help companies meet regulations for tracking and reducing greenhouse gas emissions.

Let’s look at how Bosch Building Technologies, Bentley Systems, Schneider Electric, and ICONICS use Azure IoT to deliver the benefits of smart buildings.

Decreasing energy requirements

The American Council for an Energy-Efficient Economy estimates that implementing smart building technology in an existing building can result in energy savings of 30–50 percent.2 For example, companies can combine data from occupancy sensors with data from HVAC and lighting systems to lower room temperatures and turn lights off in unoccupied rooms.

Bosch Building Technologies developed an in-house Energy Platform to analyze energy consumption and pursue ongoing energy efficiency. Based on Microsoft Azure, the Energy Platform monitors and analyzes energy consumption in real-time. Bosch customers use the Energy Platform to connect to IoT enabled devices and then link to existing meters, sensors, and machines. Customers can make informed decisions to improve energy and resource efficiency.

Bosch offers the solution to customers and uses it internally at more than 100 manufacturing plants worldwide. At one of their larger plants, Bosch saves up to €1.2 million (approximately $1.3 million USD) a year.

Bosch also created a Building Intelligence as a Service program to provide new IoT-based services for customers. Bosch adopted Azure Digital Twins as part of their Connected Building Services offering. By leveraging Azure Digital Twins, the company can query data from entire rooms or spaces, rather than from disparate sensors, to build complete digital models of the physical building environment.

By using Azure Digital Twins, Bosch gains more precise data for a wide range of building technology systems. With this level of precision, it’s easier for customers to fully understand data points, consumption results, context, and how they relate to the physical environment to quickly gain insights on energy usage to inform their business decisions.

Human factor design of new buildings can help decrease energy requirements.

Creating a connected workplace

At Microsoft’s Frasers Tower in Singapore, Bentley Systems and Schneider Electric implemented sensors and telemetry to create a connected workplace. They used a mix of 179 Bluetooth beacons in meeting rooms and 900 sensors for lighting, air quality, and temperature. The platform generates nearly 2,100 data points that are stored and analyzed in Azure. Using the data, Microsoft optimizes various aspects of the spaces, making them more comfortable for employees, while reducing energy consumption in a sustainable and economical manner.

Additionally, Bentley Systems built a digital twin of the Fraser Towers on its Bentley iTwin platform—using Azure Digital Twins, Azure IoT Hub, and Azure Time Series Insights. The iTwin platform uses both historical and real-time data from IoT sensors to create an exact digital replica of the physical building. The building management team uses the information to dynamically allocate space, increase utilization, reduce costs, improve competitiveness, and enhance collaboration and productivity.

Sensors generate data that is stored and analyzed to decrease energy use.

Monitoring occupancy and reducing costs

ICONICS smart building software has run on Microsoft Azure since 2015. The software is an integration hub for building management systems that control heating, ventilation, and lighting and collect and centralize each system’s sensor data. ICONICS relies on Azure Digital Twins to boost solution scalability and rapidly deliver innovative capabilities to customers, such as viewing space occupancy and spatial analytics.

Microsoft uses the ICONICS smart building software to collect sensor data in office buildings in the Puget Sound area of Washington State. The ICONICS solution aggregates the data over multiple buildings to give facility managers visibility into building health and applies big data analytics to provide insights that drive decisions in order to deliver energy savings. In fact, the Microsoft Energy Smart Buildings program, leveraging ICONICS software, has saved Microsoft 20 percent off its energy bills.

Next steps

Smart buildings provide insights that enable real estate developers, commercial building owners, facilities managers, and tenants to save energy, reduce operational expenses, increase occupant comfort, and meet regulatory and sustainability goals.

To learn more about best practices for planning smart building projects, download the white paper, Smart buildings: From design to reality, co-written by Microsoft and L&T Technology Services.

Also visit, Azure IoT to find the right IoT approach for your solutions.

 

1Impact of COVID-19 on the Global IoT in Smart Commercial Buildings Market to 2025 – ResearchAndMarkets.com.

2 Smart Buildings: Using Smart Technology to Save Energy in Existing Buildings.
Quelle: Azure

Azure AI: Build mission-critical AI apps with new Cognitive Services capabilities

As the world adjusts to new ways of working and staying connected, we remain committed to providing Azure AI solutions to help organizations invent with purpose.

Building on our vision to empower all developers to use AI to achieve more, today we’re excited to announce expanded capabilities within Azure Cognitive Services, including:.

Text Analytics for health preview.
Form Recognizer general availability.
Custom Commands general availability.
New Neural Text to Speech voices.

Companies in healthcare, insurance, sustainable farming, and other fields continue to choose Azure AI to build and deploy AI applications to transform their businesses. According to IDC1, by 2022, 75 percent of enterprises will deploy AI-based solutions to improve operational efficiencies and deliver enhanced customer experiences.

To meet this growing demand, today’s product updates expand on existing language, vision, and speech capabilities in Azure Cognitive Services to help developers build mission-critical AI apps that enable richer insights, save time and reduce costs, and improve customer engagement.

Get rich insights with powerful natural language processing

One of the ways organizations are adapting is scaling the ability to rapidly process data and generate new insights from data. COVID-19 has accelerated the urgency, particularly for the healthcare industry. With the overwhelming amount of healthcare data generated every year2, it is increasingly critical for providers to quickly unlock access to this information to find new solutions that improve patient outcomes.

We are excited to introduce Text Analytics for health, a new feature of Text Analytics that enables health care providers, researchers, and companies to extract rich insights and relationships from unstructured medical data. Trained on a diverse range of medical data—covering various formats of clinical notes, clinical trials protocols, and more—the health feature is capable of processing a broad range of data types and tasks, without the need for time-intensive, manual development of custom models to extract insights from the data.

In response to the COVID-19 pandemic, Microsoft partnered with the Allen Institute of AI and leading research groups to prepare the COVID-19 Open Research Dataset. Based on the resource of over 47,000 scholarly articles, we developed a COVID-19 search engine using Text Analytics for health and Cognitive Search, enabling researchers to generate new insights in support of the fight against the disease.

Additionally, we continue to make advancements in natural language processing (NLP) so developers can more quickly build apps that generate insights about sentiment in text. The opinion mining feature in Text Analytics assigns sentiment to specific features or topics so that users can better understand customer feedback from social media data, review sites, and more.

Save time and reduce costs by turning forms into usable data

A lot of the unstructured data is contained in forms that have tables, objects, and other elements. These types of documents typically take manual labeling by document type or intensive coding to extract insights.

We’re making Form Recognizer generally available to help developers extract information from millions of documents efficiently and accurately—no data science expertise needed.

Customers like Sogeti, part of the Capgemini Group, are using Form Recognizer to help their clients more quickly process large volumes of digital documents.

“Sogeti constantly looks for new ways to help clients in their digital transformation journey by providing cutting-edge solutions in AI and machine learning. Our Cognitive Document Processing (CDP) offer enables clients to process and classify unstructured documents and extract data with high accuracy resulting in reduced operating costs and processing time. CDP leverages the powerful cognitive and tagging capabilities of the Form Recognizer to extract effortlessly, keyless paired data and other relevant information from scanned/digital unstructured documents, further reducing the overall process time.” – Mark Oost – Chief Technology Officer at Sogeti, Artificial Intelligence and Machine Learning

Wilson Allen, a leading provider of consulting and analytics solutions, is using Form Recognizer to help law and other professional services firms process and evaluate documents (PDFs and images, including financial forms, loan applications, and more), and train custom models to accurately extract values from complex forms.

“The addition of Form Recognizer to our toolkit is helping us turn large amounts of unstructured data into valuable information, saving more than 400 hours of manual data entry and freeing up time for employees to work on more strategic tasks.” – Norm Mullock – VP of Strategy at Wilson Allen

Improve customer engagement with voice-enabled apps

People and organizations continue to look for ways to enrich customer experiences while balancing the transition to digital-led, touch-free operations2. Advancements in voice technology are empowering developers to create more seamless, natural, voice-enabled experiences for customers to interact with brands.

One of those advancements, Custom Commands, a capability of Speech in Cognitive Services, is now generally available. Custom Commands allows developers to create task-oriented voice applications more easily for command-and-control scenarios that have a well-defined set of variables, like voice-controlled smart home thermostats. It brings together Speech to Text for speech recognition, Language Understanding for capturing spoken entities, and voice response with Text to Speech, to accelerate the addition of voice capabilities to your apps with a low-code authoring experience.

In addition, Neural Text to Speech is expanding language support with 15 new natural-sounding voices based on state-of-the-art neural speech synthesis models: Salma in Arabic (Egypt), Zariyah in Arabic (Saudi Arabia), Alba in Catalan (Spain), Christel in Danish (Denmark), Neerja in English (India), Noora in Finnish (Finland), Swara in Hindi (India), Colette in Dutch (Netherland), Zofia in Polish (Poland), Fernanda in Portuguese (Portugal), Dariya in Russian (Russia), Hillevi in Swedish (Sweden), Achara in Thai (Thailand), HiuGaai in Chinese (Cantonese, Traditional) and HsiaoYu in Chinese (Taiwanese Mandarin).

Customers are already adding speech capabilities to their apps to improve customer engagement. With Cognitive Services and Bot Service, the BBC created an AI-enabled voice assistant, Beeb, that delivers a more engaging, tailored experience for its diverse audiences.

We are excited to introduce these new product innovations that empower all developers to build mission-critical AI apps. To learn more, check out our resources below.

Get started today

Learn more with the resources below and get started with Azure Cognitive Services and an Azure free account.

Text Analytics for health: Read the technical blog for more information. See it in action with the COVID-19 search engine demo. Enter medical terms such as “ibuprofen” in the search bar and try exploring graph relationships.
Form Recognizer: Read the technical blog for more information. See it in action with the Form Recognizer demo, showcasing the ability to extract information from different types of forms. Access the code samples.
Custom Commands: Read the technical blog for more information. See it in action with the inventory, hospitality, and automotive demos. Start by selecting your scenario and saying a command out loud per the prompt. Access the code samples.
Neural Text to Speech: Read the technical blog for more information. See it in action with the demo. Use the pre-populated text or add your own, and try finetuning audio output. Access the code samples.

1 Worldwide Artificial Intelligence Predictions (IDC FutureScape 2020).

2 Adapting customer experience in the time of coronavirus (McKinsey 2020).

Quelle: Azure

Plan your migration to Azure VMware solution using Azure Migrate

Azure Migrate now supports assessments for Azure VMware Solution (AVS), providing even more options for you to plan your migration to Azure. AVS enables you to run VMware natively on Azure. AVS provides a dedicated Software Defined Data Center (SDDC) for your VMware environment on Azure, ensuring you can leverage familiar VMware tools and investments, while modernizing applications overtime with integration to Azure native services. Delivered and operated as a service, your private cloud environment provides all compute, networking, storage, and software required to extend and migrate your on-premises VMware environments to Azure.

As organizations now more than ever look for cost efficiencies, business stability, and consistency, choosing the most efficient migration path is imperative. This means considering a number of different workload scenarios and destinations, such as migrating your servers to Azure Virtual Machines or running your existing VMware workloads natively on Azure with AVS.

Previously, Azure Migrate tooling provided support for migrating Windows and Linux servers to Azure Virtual Machines, as well as support for database, web application, and virtual desktop scenarios. Now, you can use the migration hub to assess machines for migrating to AVS as well.

With the Azure Migrate: Server Assessment tool, you can analyze readiness, Azure suitability, cost planning, performance-based rightsizing, and application dependencies for migrating to AVS. The AVS assessment feature is currently available in preview.

This expanded support allows you to get an even more comprehensive assessment of your datacenter. Compare cloud costs between Azure native virtual machines (VMs) and AVS to make the best migration decisions for your business. Azure Migrate acts as an intelligent hub, gathering insights throughout the assessment to make suggestions, including tooling recommendations for migrating VM or VMware workloads.

How to perform an AVS assessment

You can use all the existing assessment features that Azure Migrate offers for Azure Virtual Machines to perform an AVS assessment. Plan your migration to AVS with up to 35,000 VMware servers in one Azure Migrate project.

Discovery: Use the Azure Migrate: Server Assessment tool to perform a datacenter discovery, either by downloading the Azure Migrate appliance or by importing inventory data through a CSV upload. Read Assess your servers with a CSV import into Azure Migrate to learn more about the import feature.
Group servers: Create groups of servers from the list of machines discovered. Here, you can select whether you’re creating a group for an Azure Virtual Machine assessment or AVS assessment. Application dependency analysis features allow you to refine groups based on connections between applications.
Assessment properties: You can customize the AVS assessments by changing the properties and recomputing the assessment. Select a target location, node type, and Redundant Array of Independent Disks (RAID) level—there are currently three locations available—including East US, West Europe, and West US, and more will continue to be added as additional nodes are released.
Suitability analysis: The assessment gives you a few options for sizing nodes in Azure, between performance-based or as on-premises. It checks AVS support for each of the discovered servers and determines if the server can be migrated “as is” to AVS. If there are any issues found, the assessment automatically provides remediation guidance.
Assessment and cost planning report: Run the assessment to get a look into how many machines are in use and what estimated monthly and per-machine costs will be in AVS. The assessment also recommends a tool for migrating the machines to AVS. With this, you have all the information you need to plan and execute your AVS migration as efficiently as possible.
 

AVS Assessment and cost planning report.

 
AVS Readiness report with suggested migration tool.

Learn more

For detailed instructions on how to perform an AVS assessment, go to the documentation page.
Read more about Azure VMware Solution on the website or documentation page.
Learn more about Azure Migrate on the Azure Migrate website.
Watch the latest Azure Migrate video for a demo of performing a server migration.
Check out the new Azure Migrate e-book.

Quelle: Azure

Azure Firewall Manager is now generally available

Azure Firewall Manager is now generally available and includes Azure Firewall Policy, Azure Firewall in a Virtual WAN Hub (Secure Virtual Hub), and Hub Virtual Network. In addition, we are introducing several new capabilities to Firewall Manager and Firewall Policy to align with the standalone Azure Firewall configuration capabilities.

Key features in this release include:Threat intelligence-based filtering allow list in Firewall Policy is now generally available.Multiple public IP addresses support for Azure Firewall in Secure Virtual Hub is now generally available.Forced tunneling support for Hub Virtual Network is now generally available.Configuring secure virtual hubs with Azure Firewall for east-west traffic (private) and a third-party security as a service (SECaaS) partner of your choice for north-south traffic (internet bound). Integration of third-party SECaaS partners are now generally available in all Azure public cloud regions.Zscaler integration will be generally available on July 3, 2020. Check Point is a supported SECaaS partner and will be in preview on July 3, 2020. iboss integration will be generally available on July 31, 2020.Support for domain name system (DNS) proxy, custom DNS, and fully-qualified domain name (FQDN) filtering in network rules using Firewall Policy are now in preview.

Firewall Policy is now generally available

Firewall Policy is an Azure resource that contains network address translation (NAT), network, and application rule collections, as well as threat intelligence and DNS settings. It’s a global resource that can be used across multiple Azure Firewall instances in Secured Virtual Hubs and Hub Virtual Networks. Firewall policies work across regions and subscriptions.

You do not need Firewall Manager to create a firewall policy. There are many ways to create and manage a firewall policy, including using REST API, PowerShell, or command-line interface (CLI).

After you create a firewall policy, you can associate the policy to one or more firewalls using Firewall Manager or using REST API, PowerShell, or CLI.  Refer to the policy-overview document for a more detailed comparison of rules and policy.

Migrating standalone firewall rules to Firewall Policy

You can also create a firewall policy by migrating rules from an existing Azure Firewall. You can use a script to migrate firewall rules to Firewall Policy, or you can use Firewall Manager in the Azure portal.

Importing rules from an existing Azure Firewall.

Firewall Policy pricing

If you just create a Firewall Policy resource, it does not incur any charges. Additionally, a firewall policy is not billed if it is associated with just a single Azure firewall. There are no restrictions on the number of policies you can create.

Firewall Policy pricing is fixed per Firewall Policy per region. Within a region, the price for Firewall Policy managing five firewalls or 50 firewalls is the same. The following example uses four firewall policies to manage 10 distinct Azure firewalls:

Policy 1: cac2020region1policy—Associated with six firewalls across four regions. Billing is done per region, not per firewall.
Policy 2: cac2020region2policy—Associated with three firewalls across three regions and is billed for three regions regardless of the number of firewalls per region.
Policy 3: cac2020region3policy—Not billed because the policy is not associated with more than one firewall.
Policy 4: cacbasepolicy—A central policy that is inherited by all three policies. This policy is billed for five regions. Once again, the pricing is lower compared to per-firewall billing approach.

Firewall Policy billing example.

Configure a threat intelligence allow list, DNS proxy, and custom DNS

With this update, Firewall Policy supports additional configurations including custom DNS and DNS proxy settings (preview) and a threat intelligence allow list. SNAT Private IP address range configuration is not yet supported but is in our roadmap.

While Firewall Policy can typically be shared across multiple firewalls, NAT rules are firewall specific and cannot be shared. You can still create a parent policy without NAT rules to be shared across multiple firewalls and a local derived policy on specific firewalls to add the required NAT rules. Learn more about Firewall Policy.

Firewall Policy now supports IP Groups

IP Groups is a new top-level Azure resource in that allows you to group and manage IP addresses in Azure Firewall rules. Support for IP Groups is covered in more detail in our recent Azure Firewall blog.

Configure secured virtual hubs with Azure Firewall and a third-party SECaaS partner

You can now configure virtual hubs with Azure Firewall for private traffic (virtual network to virtual network/branch to virtual network) filtering and a security partner of your choice for internet (virtual network to internet/branch to internet) traffic filtering.

A security partner provider in Firewall Manager allows you to use your familiar, best-in-breed, third-party SECaaS offering to protect internet access for your users. With a quick configuration, you can secure a hub with a supported security partner, and route and filter internet traffic from your virtual networks (VNets) or branch locations within a region. This is done using automated route management, without setting up and managing User Defined Routes (UDRs).

You can create a secure virtual hub using Firewall Manager’s Create new secured virtual hub workflow. The following screenshot shows a new secure virtual hub configured with two security providers.

Creating a new secure virtual hub configured two security providers.

Securing connectivity

After you create a secure hub, you need to update the hub security configuration and explicitly configure how you want internet and private traffic in the hub to be routed. For private traffic, you don’t need to specify prefixes if it’s in the RFC1918 range. If your organization uses public IP addresses in virtual networks and branches, you need to add those IP prefixes explicitly.

To simplify this experience, you can now specify aggregate prefixes instead of specifying individual subnets. Additionally, for internet security via a third-party security provider, you need to complete your configuration using the partner portal. Please see the security partner provider page for more details.

Selecting a third-party SECaaS for internet traffic filtering.

Secured virtual hub pricing

A secured virtual hub is an Azure Virtual WAN Hub with associated security and routing policies configured by Firewall Manager. Pricing for secured virtual hubs depends on the security providers configured.

See the Firewall Manager pricing page for additional details.

Next steps

For more information on these announcements, see the following resources:

Firewall Manager documentation.
Azure Firewall Manager now supports virtual networks blog.
New Azure Firewall features in Q2 CY2020 blog.

Quelle: Azure

Build, distribute, and deploy application updates to Azure virtual machine scale sets

As the needs of your business grow, and you deploy business-critical applications at cloud scale, the complexity and administrative overhead of managing those applications can increase substantially. To help reduce this management overhead, Azure continues to invest in new capabilities that make it easier to build and distribute application updates across distributed cloud environments.

We recently announced the general availability of automatic image-based upgrades for custom images, providing you the ability to automatically deploy new versions of virtual machine (VM) images to your virtual machine scale sets. Automatic image upgrade natively integrates with Shared Image Gallery, combining the scalable distribution of VM images with the ease and safety of orchestrated infrastructure updates, to offer an end-to-end solution from image publishing to workload deployment.

This blog describes how you can use integrated Azure services to build custom images with your application updates, distribute those images across your organization and automatically deploy the new images to your virtual machine scale sets.

Build images with application updates

Deploying application and security updates across an organization can often be a complex process, involving multiple stages of deployments across disjointed systems. Standardized VM images allow organizations to ensure consistency across deployments, and these images typically include predefined security and configuration settings, and software workloads.

You can build standardized images through your own imaging pipeline or use the Azure VM Image Builder service. Using Azure VM Image Builder (currently in preview), you can quickly start building standardized images without needing to set up your own imaging pipeline. Just provide a simple configuration describing your image, submit it to the Image Builder service, and the image is built and distributed.

The Azure VM Image Builder lets you start with a Windows or Linux-based Azure Marketplace image, as well as existing custom images, and add your own customizations.

Distribute your images

Shared Image Gallery enables image distribution across multiple subscriptions and regions through a centralized image management platform. Shared Image Gallery helps you organize images in logical groups by specifying different image definitions and image versions, allowing you to iterate new image builds for different applications.

As you build new image versions with Image Builder, you can also distribute these images globally by replicating the images across multiple Azure regions based on your organization’s needs. You only need to specify the target regions and Shared Image Gallery will replicate your image versions to the regions you selected.

Shared Image Gallery also allows you to share your images across subscriptions and Azure Active Directory (Azure AD) tenants, so you can centralize image management across your entire organization.

Deploy your images

The final step in the process is the deployment of your newly created images to your virtual machine scale sets. With automatic OS image upgrade enabled for your scale sets, you do not need to take any additional action to deploy your images. Automatic OS image upgrade monitors your image gallery and automatically begins scale set upgrades when a new image version is deployed, facilitating faster image deployment without manual overhead.

An upgrade works by replacing the OS disk of a VM with a new disk created using the latest image version. Any configured extensions and custom scripts are run on the OS disk, while data disks are retained. To minimize the application downtime, upgrades take place in batches, with no more than 20 percent of the scale set upgrading at any time. The update orchestrator monitors the health of the VMs being upgraded as well as the health of the scale set during the upgrade process. If more than 20 percent of the scale set virtual machines become unhealthy, then the scale set upgrade stops at the end of the current batch. The upgrade process also supports automatic rollback for upgrade failures. This ensures that rollouts are gradual and orchestrated in a safe manner, preventing any scale set-wide disruption caused by a customization in the image.

An upgrade on a scale set only starts when the new image version is replicated to the region of the scale set. You can stagger global deployments by staging imaging replication to different regions at different times, further increasing global application uptime.

Get started

You can start from your image definition under Shared Image Gallery through the Azure portal and use the + Create VMSS option to create a new scale set from your image.

In the create experience for virtual machine scale set, under the Management tab, simply select the On option for Automatic OS upgrades.

You can also further customize the process and integrate your existing image building pipeline with Shared Image Gallery to benefit from automatic OS image upgrade.

Read the Azure documentation to learn more about the powerful capabilities described above.

Automatic OS image upgrade
Shared Image Gallery
Azure VM Image Builder

Quelle: Azure

New Azure Firewall features in Q2 CY2020

We are pleased to announce several new Azure Firewall features that allow your organization to improve security, have more customization, and manage rules more easily. These new capabilities were added based on your top feedback:

Custom DNS support now in preview.
DNS Proxy support now in preview.
FQDN filtering in network rules now in preview.
IP Groups now generally available.
AKS FQDN tag now generally available.
Azure Firewall is now HIPAA compliant. 

In addition, in early June 2020, we announced Azure Firewall forced tunneling and SQL FQDN filtering are now generally available.

Azure Firewall is a cloud-native firewall as a service (FWaaS) offering that allows you to centrally govern and log all your traffic flows using a DevOps approach. The service supports both application and network-level filtering rules and is integrated with the Microsoft Threat Intelligence feed for filtering known malicious IP addresses and domains. Azure Firewall is highly available with built-in auto scaling.

Custom DNS support now in preview

Since its launch in September 2018, Azure Firewall has been hardcoded to use Azure DNS to ensure the service can reliably resolve its outbound dependencies. Custom DNS provides separation between customer and service name resolution. This allows you to configure Azure Firewall to use your own DNS server and ensures the firewall outbound dependencies are still resolved with Azure DNS. You may configure a single DNS server or multiple servers in Azure Firewall and Firewall Policy DNS settings.

Azure Firewall is also capable of name resolution using Azure Private DNS, as long as your private DNS zone is linked to the firewall virtual network.

DNS Proxy now in preview

With DNS proxy enabled, outbound DNS queries are processed by Azure Firewall, which initiates a new DNS resolution query to your custom DNS server or Azure DNS. This is crucial to have reliable FQDN filtering in network rules. You may configure DNS proxy in Azure Firewall and Firewall Policy DNS settings. 

DNS proxy configuration requires three steps:

Enable DNS proxy in Azure Firewall DNS settings.
Optionally configure your custom DNS server or use the provided default.
Finally, you must configure the Azure Firewall’s private IP address as a Custom DNS server in your virtual network DNS server settings. This ensures DNS traffic is directed to Azure Firewall.

 
Figure 1. Custom DNS and DNS Proxy settings on Azure Firewall.

FQDN filtering in network rules now in preview

You can now use fully qualified domain names (FQDN) in network rules based on DNS resolution in Azure Firewall and Firewall Policy. The specified FQDNs in your rule collections are translated to IP addresses based on your firewall DNS settings. This capability allows you to filter outbound traffic using FQDNs with any TCP/UDP protocol (including NTP, SSH, RDP, and more). As this capability is based on DNS resolution, it is highly recommended you enable the DNS proxy to ensure your protected virtual machines and firewall name resolution are consistent.

FQDN filtering in application rules for HTTP/S and MSSQL is based on application level transparent proxy. As such, it can discern between two FQDNs that are resolved to the same IP address. This is not the case with FQDN filtering in network rules, so it is always recommended you use application rules when possible.

 
Figure 2. FQDN filtering in network rules.

IP Groups now generally available

IP Groups is a new top-level Azure resource that allows you to group and manage IP addresses in Azure Firewall rules. You can give your IP group a name and create one by entering IP addresses or uploading a file. IP Groups eases your management experience and reduce time spent managing IP addresses by using them in a single firewall or across multiple firewalls. IP Groups is now generally available and supported within a standalone Azure Firewall configuration or as part of Azure Firewall Policy. For more information, see the IP Groups in Azure Firewall documentation.

Figure 3. Creating a new IP Group.

AKS FQDN tag now in generally available

An Azure Kubernetes Service (AKS) FQDN tag can now be used in Azure Firewall application rules to simplify your firewall configuration for AKS protection. Azure Kubernetes Service (AKS) offers managed Kubernetes cluster on Azure that reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure.

For management and operational purposes, nodes in an AKS cluster need to access certain ports and FQDNs. For more guidance on how to add protection for Azure Kubernetes cluster using Azure Firewall, see Use Azure Firewall to protect Azure Kubernetes Service (AKS) Deployments. 

  Figure 4. Configuring application rule with AKS FQDN tag.

Next steps

For more information on everything we covered here, see these additional resources:

Azure Firewall documentation.
Azure Firewall Forced Tunneling and SQL FQDN filtering now generally available.
Azure Firewall IP Groups.
Azure Firewall Custom DNS, DNS Proxy (preview).
Azure Firewall FQDN filtering in network rules (preview).
Use Azure Firewall to protect Azure Kubernetes Service (AKS) Deployments. 

Quelle: Azure