Secure and compliant APIs for a hybrid and multi-cloud world

APIs are everywhere. The broad proliferation of applications throughout enterprises often results in large silos of opaque processes and services, making it hard for IT to manage and govern APIs in a systematic way, and for development teams to gain visibility into and make use of APIs that already exist.

Entire industries, such as financial services, are embracing APIs as a means to become more open, for example with open banking initiatives. Open banking is an API-first approach to creating more open, rich ecosystems that encourage third-party participation and usage of the services financial institutions have previously kept behind the scenes.

Products, such as Azure API Management, were created to address these issues. By letting you manage all APIs in a single, centralized location, you are able to impose authentication, authorization, throttling, and transformation policies and easily monitor the usage of the APIs associated with your applications, giving you the much-needed visibility into your application portfolio(s) at a macro-level.

To succeed in an increasingly connected world, it is key to adopt an API-first approach that lets you:

Embrace innovation by creating vibrant API ecosystems.
Secure and manage APIs seamlessly in a hybrid world.

APIs can be a bridge to the uncertain future and help you safely traverse over turbulent waters.

Embrace innovation by creating vibrant API ecosystems

Microsoft offers all of the tools to be able to immediately capitalize on new opportunities as they emerge in the business landscape. Our infrastructure technologies, such as Kubernetes and serverless computing, accelerate development velocity and help developers move faster than ever before. Our API technologies, such as API management, accelerate the speed at which new opportunities can be acted upon, by immediately providing channels for partners, developers, customers, and other third-parties to leverage new technology which is created. These types of activities are often done with tools such as an API developer portal.

Azure API Management’s developer portal lets you easily grant access (and control) to APIs. The developer portal provides documentation on how to use the APIs and creates a simple, easy way for people to get started. A developer portal is an integral part of any API-first approach, which is why we’re announcing the general availability of our greatly improved developer portal experience.

You can now easily customize the developer portal with a visual user interface, helping create a branded experience. The developer portal is open-source and built with extensibility in mind. You can easily fork our repository and customize it to meet your needs. It was created using contemporary JAMstack technologies that significantly reduce page load times, to make the user experience as frictionless as possible.

You can learn more about this announcement by reading our Azure Update on the release.

Secure and manage APIs seamlessly in a hybrid world

Today’s most popular API management solutions run in public clouds. And while having a purely cloud-based API management service can work for pretty much all scenarios, it’s not always the best choice. Perhaps compliance requirements mandate that information must stay on the corporate network, or maybe accessing the cloud is prohibited by company policy. Whatever the reason, scenarios like this can’t use an API management service running in any public cloud; the service must run on-premises.

To meet your hybrid requirements, we’re announcing the preview of Azure Arc enabled API Management, a self-hosted API gateway. The new self-hosted API gateway doesn’t replace the primary cloud-based API management service. Instead, it augments this service by providing the essential aspects of API management in software that organizations can run wherever they choose.

It adds a containerized version of the Azure API Management gateway that you can host on-premises or in any other environment that supports the deployment of Docker containers. It enables more efficient call patterns for internal-only and mixed internal and external APIs and is managed from a cloud-based Azure API Management instance. Azure Arc enabled API Management enables you to run the self-hosted API management gateway in your own on-premises datacenter or in another cloud.

Read the whitepaper we’ve released, API management in a hybrid and multi-cloud world, which goes into further technical detail on Azure Arc enabled API Management, as well as the strategic benefits you receive when adopting this approach.

Or, you can start a free trial of Microsoft Azure and check out API Management for yourself.

Heading into the future

APIs are the way that businesses will continue to communicate. The growth of APIs has continued to increase, and the rise of the API product is happening right now. Many different companies now offer API-first products and are a powerful reminder that a well thought out API strategy is going to be key to any business's strategy moving forward.

To learn more about what APIs and API Management can do for you, you can visit API Management on Azure.

Azure. Invent with purpose.
Source: Azure

New Azure Security Center and Azure platform security capabilities

At Microsoft Ignite we're sharing the many new capabilities our teams have built to improve security with Azure Security Center and the Azure Platform. We have a long list of new innovations, and this blog provides our general direction and summarizes some of our favorite new features. For more information, you can read all the details in our Azure Security Center Community post.

Turn on the protection you need with Azure Security Center

Azure Security Center provides unified infrastructure security management that strengthens security posture and provides advanced threat protection across your workloads running in Azure, on-premises, and in other clouds. It enables continuous assessment of security posture, protects against cyberattacks using Microsoft’s vast threat intelligence, and helps implement security faster with integrated controls.

With Security Center, you can monitor the security of machines, networks, and Azure services using hundreds of built-in security assessments or create your own in a central dashboard.

Extending Azure Security Center’s coverage with a platform for community and partners

A constantly evolving threat landscape requires new approaches to protection, cloud security posture, enterprise-scale deployment, and automation. Through partnering with members of the Microsoft Intelligent Security Association, Microsoft is able to leverage a vast knowledge pool to defend against a world of increasing cybersecurity threats.

Leverage all of Security Center's capabilities against built-in and partner recommendations. Azure Security Center's simple onboarding flow connects existing solutions, including Check Point CloudGuard, CyberArk, and Tenable, enabling you to view all security posture recommendations in a single place. Run unified reports and export Security Center’s recommendations for connected partner products.

We invite users to contribute and help improve policies and configurations used in Security Center through the Azure Security Center community menu for additional scripts, content, and community resources.

Enhanced threat protection for cloud resources

Threat protection detects and prevents attacks across a wide variety of services, from infrastructure as a service (IaaS) layer to platform as a service (PaaS) resources in Azure, including Azure IoT and Azure App Service, and on-premises virtual machines.

Stream threat detection findings to Azure Sentinel for investigation, threat hunting, correlation with signals from other security solutions, and security operations center (SOC) level management.

The latest threat protection capabilities include:

Threat protection and vulnerability assessment support for SQL Server hosted on an Azure Virtual Machine.
Vulnerability assessment capabilities for VMs are part of our virtual machine protection offering (powered by Qualys) at no additional cost. Security Center collects the vulnerabilities and displays them as part of the secure score.
Threat protection suite for containers focusing on Azure Kubernetes Service (AKS) includes scanning of container images for vulnerabilities, secure configuration of the AKS cluster, and threat detection on the Kubernetes runtime activities.
Threat protection for Azure Key Vault is in preview in North America regions. This provides an additional layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your encryption keys, certificates, and secrets in Azure Key Vault.

Threat protection for Azure Storage offers new detections powered by Microsoft Threat Intelligence for detecting malware uploads to Azure Storage using hash reputation analysis and suspicious access from an active Tor exit node (an anonymizing proxy). You can now view detected malware across storage accounts using Azure Security Center.

Cloud security posture management enhancements

Misconfiguration is the most common cause of security breaches for cloud workloads. Security Center provides a bird’s eye security posture view across your Azure environment, enabling you to continuously monitor and improve your security posture using the Azure secure score. Security Center helps manage and enforce your security policies to identify and fix misconfigurations across different resources and maintain compliance.

New capabilities:

Secure score simplified: Use the updated, percentage-based secure score to get better visibility into the secure score controls and a more reliable method for calculating the score.

Address misconfigurations faster with new quick-fix capabilities.

Add custom assessments, created in Azure Policy, into the secure score and monitor their compliance state in Security Center.

Automatically assess compliance state against a new set of regulatory standards, including NIST SP 800-53 R4, SWIFT CSP CSCF v2020, Canada Federal PBMM, and UK Official together with UK NHS.

Misconfigurations are the leading source of attacks and improving your secure score can make a remarkable difference in your overall security posture.

Implement security faster with Azure Security Center

To enable large organizations to leverage Security Center’s findings in enterprise-scale, Azure Security Center continues to provide clear APIs, automation, and management capabilities that can help customers connect Security Center to workflows, processes, and tools used across the organization.

A new capability in Security Center enables the creation of rich workflows using Azure Logic Apps and policies that trigger based on a recommendation or alert. Configure a logic app to perform a custom action supported by the vast community of Logic App connectors, or use one of the templates provided, such as sending an email or opening a service ticket.

Security from the ground up

In addition to Azure Security Center updates, we have several additional enhancements for Azure platform security. To empower you to do more, we are continuously enhancing the platform services to improve existing offerings and address your feedback.

Here are some of the exciting updates coming to the platform. 

Extension of Customer Lockbox for Microsoft Azure beyond virtual machines

Customer Lockbox provides customers the capability to control Azure support engineers' access to workloads that contain customer data. This expanded support now provides customers control over access to their data for a larger set of Azure offerings.

New services and scenarios, available in preview:

Azure Storage
Azure SQL Database
Azure Data Explorer
Memory dumps and managed disks for Azure Virtual Machines
Transferring Azure subscriptions

Release of Microsoft Secure Code Analysis toolkit to help you build secure code

With the Microsoft Security Code Analysis extension, you can infuse security analysis tools, including Credential Scanner, BinSkim, and others, into your Azure DevOps continuous integration and delivery (CI/CD) pipelines. Increase developer productivity and simplify security through easily configurable build tasks that abstract away the complexities of the analysis tools (installing, updating, maintaining, and running them) without relinquishing control over them.

This product is now available via Unified Support. Customers can sign up using their existing credit or by paying the service fee. To learn more, please visit the Microsoft Secure Code Analysis documentation page.

Azure Disk Encryption in more places, and more services offering customer-managed keys

Azure Disk Encryption enables you to encrypt your Azure Virtual Machine disks with your keys safeguarded in Azure Key Vault. Previously this capability was available through PowerShell and CLI. We have now added this capability to the Azure portal, which makes it very easy to use. We have also added support for the latest versions of the common Linux distros on Azure, including Red Hat Enterprise Linux 7.6 and 7.7 as well as CentOS Linux 7.6 and 7.7.

Try it yourself using Quickstart for Windows or Quickstart for Linux now.

The following services recently announced preview for customer-managed keys for encryption at rest.

Azure Event Hubs
Azure Managed Disks
Power BI

For a full list of services offering encryption with customer-managed keys, see the Azure Data Encryption-at-Rest documentation page.

New Azure policies to manage certificates across your organization, currently in preview

Large organizations have thousands of certificates in key vaults distributed across thousands of applications and subscriptions. If you are responsible for security and compliance across the organization, you need a simple way to set rules across all these certificates, prove that those rules were followed, and flag violations. Azure policy helps with this. We have added new policies in preview for certificates in Azure Key Vault.

Issuer Policy: Flag certificates that are (or are not) issued by a particular issuer.
Key Type Policy: Flag certificates that are (or are not) protected by an RSA or ECC key pair.
Key Size Policy: Flag certificates that are (or are not) protected by a key of a certain size.
Expiry Policy: Flag certificates that are (or are not) renewed within “X” number of days of their expiry date.
Validity Lifespan Policy: Flag certificates that have (or do not have) a validity lifespan that is less than, more than, or equal to "X" number of years.

For more information see the documentation for Azure Key Vault governance policies.
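As an added illustration of the five policy types listed above (this is example code written for this page, not Microsoft's code and not the actual Azure Policy definitions), the checker below applies the same rules to constructed certificate metadata records; the record fields, the issuer names and the thresholds are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, Iterable, List, Optional, Tuple


# Constructed record type: the fields mirror the certificate attributes that
# the five Key Vault governance policies on this page reason about.
@dataclass(frozen=True)
class CertificateRecord:
    name: str
    issuer: str
    key_type: str                   # "RSA" or "EC"
    key_size: int                   # bits
    not_before: date
    not_after: date
    renew_days_before_expiry: int   # configured auto-renewal trigger


# A policy returns None when the certificate is compliant, else a reason.
Policy = Callable[[CertificateRecord], Optional[str]]


def issuer_policy(listed: Iterable[str], flag_listed: bool = False) -> Policy:
    """Issuer Policy. By default flag certificates whose issuer is NOT in the
    list; with flag_listed=True flag certificates whose issuer IS listed
    (the "(or are not)" variant on the page)."""
    issuers = set(listed)

    def check(c: CertificateRecord) -> Optional[str]:
        in_list = c.issuer in issuers
        if in_list == flag_listed:
            return f"issuer '{c.issuer}' {'is' if in_list else 'is not'} in the configured list"
        return None
    return check


def key_type_policy(allowed_types: Iterable[str]) -> Policy:
    """Key Type Policy: flag key types outside the allowed set."""
    allowed = {t.upper() for t in allowed_types}

    def check(c: CertificateRecord) -> Optional[str]:
        if c.key_type.upper() not in allowed:
            return f"key type {c.key_type} is not one of {sorted(allowed)}"
        return None
    return check


def key_size_policy(minimum_bits: Dict[str, int]) -> Policy:
    """Key Size Policy: minimum_bits maps key type to the smallest acceptable
    size, e.g. {"RSA": 2048, "EC": 256}; an unlisted key type is flagged."""
    def check(c: CertificateRecord) -> Optional[str]:
        floor = minimum_bits.get(c.key_type.upper())
        if floor is None:
            return f"no minimum size configured for key type {c.key_type}"
        if c.key_size < floor:
            return f"{c.key_type} key of {c.key_size} bits is below the {floor}-bit minimum"
        return None
    return check


def expiry_policy(min_days_before_expiry: int) -> Policy:
    """Expiry Policy: flag certificates not set to renew at least X days before expiry."""
    def check(c: CertificateRecord) -> Optional[str]:
        if c.renew_days_before_expiry < min_days_before_expiry:
            return (f"renews {c.renew_days_before_expiry} days before expiry, "
                    f"policy requires at least {min_days_before_expiry}")
        return None
    return check


def validity_lifespan_policy(max_years: float) -> Policy:
    """Validity Lifespan Policy: flag certificates valid for more than X years
    (years approximated as 365 days)."""
    def check(c: CertificateRecord) -> Optional[str]:
        years = (c.not_after - c.not_before).days / 365
        if years > max_years:
            return f"validity lifespan of {years:.1f} years exceeds {max_years} years"
        return None
    return check


def evaluate(records: Iterable[CertificateRecord],
             policies: Dict[str, Policy]) -> List[Tuple[str, str, str]]:
    """Return one (certificate name, policy name, reason) tuple per violation."""
    findings: List[Tuple[str, str, str]] = []
    for cert in records:
        for policy_name, policy in policies.items():
            reason = policy(cert)
            if reason is not None:
                findings.append((cert.name, policy_name, reason))
    return findings


# Constructed sample inventory (names and issuers are made up for this example).
SAMPLE_CERTIFICATES = [
    CertificateRecord("api-gateway", "ExamplePublic CA", "RSA", 2048,
                      date(2019, 11, 1), date(2020, 11, 1), 30),
    CertificateRecord("legacy-sso", "ExampleCorp Internal CA", "RSA", 1024,
                      date(2017, 1, 1), date(2022, 1, 1), 7),
    CertificateRecord("iot-edge", "ExamplePublic CA", "EC", 256,
                      date(2019, 6, 1), date(2020, 6, 1), 45),
]

# Assumed organisational thresholds, one per policy type on the page.
ORG_POLICIES: Dict[str, Policy] = {
    "Issuer": issuer_policy(["ExamplePublic CA"]),
    "KeyType": key_type_policy(["RSA", "EC"]),
    "KeySize": key_size_policy({"RSA": 2048, "EC": 256}),
    "Expiry": expiry_policy(30),
    "ValidityLifespan": validity_lifespan_policy(2),
}


def audit() -> List[Tuple[str, str, str]]:
    """Run the organisational policies over the sample inventory."""
    return evaluate(SAMPLE_CERTIFICATES, ORG_POLICIES)


if __name__ == "__main__":
    for cert_name, policy_name, reason in audit():
        print(f"{cert_name}: {policy_name}: {reason}")
```

Only the legacy-sso record is flagged, once for each of the four rules it breaks; the two compliant records produce no findings.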

Azure Key Vault Virtual Machine extension now generally available

The Azure Key Vault Virtual Machine extension makes it easier for apps running on virtual machines to use certificates from a key vault, by abstracting the common tasks as well as best practices—authenticate, handle common network errors, cache, periodically refresh the certificate from the key vault, and bind the certificate for Transport Layer Security (TLS).

This extension is now generally available for Windows and Linux.

Free Azure managed certificates for your domains on Azure

We want to make sure there are no reasons not to use TLS in your Azure applications. Azure now provides TLS certificates at no cost to you for your custom domains hosted on the following services. Azure renews these certificates automatically.

Azure CDN managed certificates (generally available).
Azure Front Door managed certificates (generally available).
Azure App Service managed certificates for both web apps and functions (currently in preview).

We will expand this to other Azure PaaS services in the future.

Note that this is just one of your options. If you have a need to use certificates from a different certificate authority (CA), then you have the option to configure these Azure services to use a certificate you manage in your key vault.

Learn more

With these additions, Azure continues to provide a secure foundation and gives you built-in security tools and intelligent insights to help you rapidly improve your security posture in the cloud. Azure Security Center strengthens its role as the unified security management and advanced threat protection solution for your hybrid cloud.

For Azure app developers:

Use the Microsoft Secure Code Analysis toolkit to inspect your code for security issues.
Enable TLS for your Azure CDN, Front Door, and App Service (web app and function) resources.
Evaluate the new Azure Virtual Machine extension for Azure Key Vault to simplify how your app uses certificates from Azure Key Vault (for Windows and Linux).

For users responsible for security across their organizations:

Evaluate Azure Policy, including the new Key Vault policies, to ensure developers across your organization follow the rules you set for security and compliance.

Security can’t wait. Get started with Azure Security Center today and visit Azure Security Center Tech Community, where you can engage with other security-minded users like yourselves.

Source: Azure

Accelerating cloud-native application development in the enterprise

Each day more and more organizations experience the benefits of cloud native development. Using products like Azure Kubernetes Service (AKS), they’re able to build distributed applications that are more resilient and dynamically scalable, while enabling portability in the cloud and at the edge. Most of all, organizations want to use Kubernetes and cloud native technology to innovate faster in the enterprise where security, governance, and compliance are top of mind. We have been listening and we are happy to share several innovations designed to accelerate cloud native application delivery on Azure, powered by Kubernetes and AKS.

Streamlined developer experience

Git and GitHub have changed the way modern software is written. Pull requests (PRs) are now central to how development teams collaborate. While PRs are a great way to review specific code changes, it can be difficult to see how that code integrates with the rest of a complex microservices architecture. Dev Spaces with GitHub Actions PR flow for AKS solves this problem by automatically deploying review versions of your pull requests to a sandbox environment where you can easily perform end-to-end testing on any changes in your pull request branch. This speeds up the PR testing process and allows team members to confidently approve pull requests after ensuring that the new changes will not negatively impact other parts of the application. It also enables other team members, such as product managers and designers, to easily participate in the review process.

Dev Spaces connect, available in preview, allows developers to develop and test an individual service on their local workstation in the context of the broader application running in a shared AKS cluster, all without affecting other processes running in that cluster. With tools like Dev Spaces and the Visual Studio Code Kubernetes extension, we help customers accelerate their containerized app development. It’s great to see a leading firm like Forrester state in a recent report that Microsoft “leads the pack with the strongest developer experience and global reach”.1

Reliable and scalable Kubernetes clusters

As enterprises continue to adopt Kubernetes and AKS at an incredible rate, we see an increasing number of mission-critical customer workloads that have strenuous requirements around reliability and scalability. AKS support for availability zones, cluster-level autoscaling, and multiple node pool support are now generally available. As Bosch has shared, Azure provides a simplified Kubernetes experience and helps you deliver reliable and scalable service more easily. It’s click and scale, or better yet, scale automatically using the autoscaling functionality in AKS.

For customers who need to operate across the globe, AKS is also now available in 36 regions including Germany West Central, Switzerland North, Switzerland West and UAE North, more regions of managed Kubernetes than any other cloud.

Operate seamlessly on-premises, in the cloud, and at the edge

The use of Kubernetes is growing everywhere. It’s growing in the cloud with products like AKS, but it’s also growing beyond cloud with clusters sprouting up on-premises and on the edge. To help our customers manage and govern these environments, we are introducing Azure Arc enabled Kubernetes clusters. By installing an agent on your Kubernetes cluster, you can now register your Kubernetes clusters in Azure no matter where they are running and provide a unified management and governance model, including centralized policy controls, role-based access control (RBAC), and configuration management through a simple GitOps workflow. This means you can use a simple GitHub pull request flow to securely deploy workloads to hundreds or thousands of Kubernetes clusters, all managed from the Azure portal.

Looking for a way to get a Microsoft-supported version of Kubernetes running on-premises, on the edge, or even in a fully disconnected environment? Microsoft offers Kubernetes across our Azure Stack Hub portfolio of products. Kubernetes on Azure Stack Hub is now generally available, featuring cluster lifecycle management capabilities. You can now easily provision Kubernetes clusters on Azure Stack Hub and automate the creation, update, patching, scaling and deletion of these clusters using simple command line tools. We are also introducing Kubernetes on Azure Stack Edge, which is an Azure-managed edge computing appliance with either FPGA or new GPU acceleration for powerful machine learning inferencing capabilities. Azure Stack Edge simplifies Kubernetes operations by automatically creating a cluster of appliances and connecting it to the cloud for you, where you can use Azure Arc to deploy and configure applications across all your Kubernetes clusters.

Easily monitor and troubleshoot

Kubernetes and cloud native systems have many moving parts. Managing these systems at scale requires top notch monitoring and observability tools. One such tool is Prometheus, a Cloud Native Computing Foundation (CNCF) project which has emerged as the standard mechanism for gathering metrics in the cloud native ecosystem. Prometheus integration with Azure Monitor is now generally available. Azure Monitor can now scrape your Prometheus metrics and store them on your behalf, without you having to operate your own Prometheus collection and storage infrastructure. We have Grafana templates so you can visualize the performance data from AKS. Today we are also introducing live container metrics from Azure Monitor. Live metrics and deployments, combined with live logs and events capabilities, provide a real-time view of what’s happening in AKS clusters and deployments, helping to diagnose and resolve issues faster than ever. Check out how Hafslund Nett has leveraged Azure Monitor together with AKS to speed development and testing without losing control over security and performance.

A secure, enterprise-grade foundation

Kubernetes and cloud native models can be challenging to secure and govern. This is especially true for container images, which can house new classes of operating system and library vulnerabilities. To address it, Azure Security Center performs vulnerability assessments on container images stored in Azure Container Registry. It can now scan the container registries within a customer’s subscription and provide recommendations to address specific vulnerabilities. We are also introducing a new set of threat protection features from Azure Security Center including discovery of AKS clusters in your cloud environment, actionable recommendations on how to help your clusters comply with security best practices, and threat detection based on host and cluster analytics.

The cloud-native space continues to evolve rapidly, with new technologies and patterns emerging every day. The pace of innovation is exciting, but it can also be frightening, especially for more conservative enterprises. With these innovations, we are further lowering the barriers to adopting cloud-native technologies. If you are new to Kubernetes, check out the Kubernetes overview, learning videos and workshop. Kubernetes is defining the future of applications. Join thousands of Azure Kubernetes customers and start your Kubernetes journey with Azure.


1 The Forrester New Wave™: Public Cloud Enterprise Container Platforms, Q3 2019
Source: Azure

Accelerating blockchain adoption in the enterprise

The mission for our blockchain investments has remained steadfast since the beginning, with the goal of democratizing complex technologies and creating connections across organizational boundaries to solve shared problems in a trusted manner. With this in mind, our roadmap has been focused on building an open and scalable platform to advance the adoption of blockchain in the enterprise.

We have seen this approach resonate with our customers time and time again. A real-world example powered by Azure blockchain technology is GE Aviation’s next-generation blockchain solution that tracks the genealogy of engine parts to improve productivity and safety for airlines. 

"Microsoft has taken blockchain from an art and transformed it into a science by fundamentally improving each aspect of the software stack. We’ve benefited from the innovation of no-code logic apps for data ingestion, off-chain storage with Azure SQL Database and Azure Cosmos DB, and analytics visualization via Power BI. The rich integration of these Azure services with Azure Blockchain Service and Azure Blockchain Workbench have enabled us to get our solutions into the hands of our customers much faster with a lot less complexity." – David Havera, Blockchain Leader, GE Aviation Digital Group

With this in mind, we're announcing a wave of innovation designed to simplify and accelerate blockchain adoption across the whole stack.

Accelerating blockchain adoption with Microsoft Azure Blockchain Tokens

Since launching Azure Blockchain Service, our customers have asked for a simple mechanism to tokenize physical or digital assets to accelerate blockchain deployments. Today, we’re launching the preview of Azure Blockchain Tokens, which simplifies the ability to define, create, and manage compliant tokens that are built on industry standards. Azure Blockchain Tokens (preview) provide pre-built templates for common scenarios and will support a gallery of templates created by partners in the future. With this latest offering, we can now offer customers an end-to-end experience of easily creating and managing tokens for physical or digital assets via Azure Blockchain Tokens (preview), in addition to managing the blockchain network itself via Azure Blockchain Service.

CEEK Virtual Reality, a streaming platform for live and recorded virtual and augmented reality experiences, uses Azure Blockchain Tokens to create a trusted platform for royalty payments. Smart tickets (a form of a token) allow content creators to track content viewership, ensuring royalty payout to creators is based on trusted data.

"CEEK Virtual Reality was looking for a trusted partner to help us with content viewership verification on the blockchain, and Azure Blockchain Tokens was perfect because it helped to drastically reduce our time to market and offered a trusted partner for providing proof on the blockchain." – Mary Spio, CTO, CEEK VR

Enhancing Azure Blockchain Service with blockchain data manager and additional ledger choice

Azure Blockchain Service has seen fantastic adoption since launch, with customers using it to simplify the management and formation of their blockchain networks so they can focus on business logic. Today, we’re making Azure Blockchain Service even better with the preview of blockchain data manager. Blockchain data manager (preview) is a new feature of Azure Blockchain Service that captures blockchain ledger data, transforms it (including decoding encrypted event and property state data), and then delivers that data to multiple sources via Azure Event Grid to off-chain databases like Azure Cosmos DB or Azure SQL Database. Blockchain data manager (preview) supports both public and private transaction data and greatly simplifies the cumbersome task of integrating existing applications with data that sits on a blockchain ledger.

In addition to simplifying blockchain data integration into existing applications, providing choice and flexibility is central to our investments in Azure Blockchain Service. Corda Enterprise joins Ethereum as an additional distributed ledger technology available within the service. For customers who prefer Hyperledger Fabric, an Azure Marketplace template using Azure Kubernetes Service is available for use starting today.

Investing in developer tools

Of course, accelerating blockchain enterprise adoption is only possible with developers. We are continuing to build on our investments for blockchain developers with updates to the Azure Blockchain Development Kit for Ethereum extension for Visual Studio Code. These investments improve the productivity of developers, whether they are building an application on top of a blockchain network, or connecting a backend system to produce or consume blockchain data.

Recent investments in popular tools like OpenZeppelin integration provide easy discoverability and use of popular smart contracts for common developer needs. In addition to our focus on private blockchain developers, we are making sure public blockchain developers are equally well supported with investments in public chain tools, including Infura project integration. Adding native Infura integration to our Visual Studio Code extension makes it easy to create, interact with, and deploy to Infura projects. These developer tools integrate with Visual Studio Code and are available free of charge.

Continuous innovation supports your blockchain journey

Blockchain is an exciting and dynamic industry, and we remain committed to simplifying adoption in the enterprise across scenarios like supply chain visibility and traceability and royalty reconciliation, among others. With investments that span the whole stack—from developer tools to Azure infrastructure services and Azure managed services—enterprise adoption of blockchain is easier than ever.

Next steps

Learn more about Azure Blockchain Tokens and Azure Blockchain Service
Read the white paper on Tokenization: Establishing Digital Representation of Value as the Medium of Exchange
Get started with code samples and tutorials in the Azure Blockchain development kit

Source: Azure

Serverless for the enterprise with Microsoft Azure

Cloud computing has opened new paradigms for enterprises to reach higher levels of productivity and scale. At the tip of that spear is serverless computing, enabling developers, teams, and organizations to focus on business logic and leave hosting and scaling of resources to the cloud platform.

At Microsoft Ignite, we’re announcing serverless functions with no cold start and network isolation, PowerShell support for event-driven automation, simplified secrets management across serverless apps, unified monitoring capabilities, and increased language support—including .NET Core 3 and Python 3.7! These capabilities expand the list of target scenarios that would benefit from event-driven architectures and bring serverless to operations teams.

Business-critical apps with no cold start and network isolation

Function as a service (FaaS) platforms present a small delay on their first executions, known as cold start. This makes it challenging to adopt serverless functions for mission critical apps where a few seconds can make a huge difference. To address it, we’re announcing the general availability of the Azure Functions Premium plan.

It brings together the best of both serverless and dedicated hosting; you can leverage fast, dynamic scale while benefiting from network isolation, consistent performance, and more predictable costs.

When coupled with our PowerShell support, functions running on the Premium plan are the ultimate tool in the IT administrator’s belt, enabling long-running orchestrations with support for executions of up to an hour and hybrid connections to directly connect to on-premises resources.

Serverless automation with PowerShell

Automation and resource management are crucial for any cloud or hybrid solution, helping companies implement and comply with internal policies, reduce costs by turning off cloud resources during idle hours, or meet service-level agreement times. By taking an event-driven approach to building automation workflows, you can benefit from hundreds of built-in Azure connectors to automatically respond to activity not only in Azure services, but also in third-party solutions and on-premises resources.

With the general availability of PowerShell support in Azure Functions, you can set up serverless automation processes for infrastructure management and scripting tasks. Managing PowerShell modules is now easier than ever as you can rely on Azure Functions to ensure the latest critical and security updates are automatically installed.

For more complex tasks you can use Durable Functions, an extension to the Azure Functions runtime that uniquely brings stateful and orchestration capabilities to serverless functions. The new version of Durable Functions not only lets you simplify the orchestration of tasks, but now enables building stateful durable entities. This is especially helpful for scenarios that may require state persistence for a large number of devices (thousands, for example), all within a single serverless function.

Simplified secrets management

Security is top-of-mind for every company, and more organizations are adopting secrets management policies to securely store and consume very sensitive information including certificates, connection strings, or passwords. Azure Key Vault provides these capabilities in Azure and supports storing secrets centrally with expectations around expiration and access control.

Serverless apps and web sites hosted in Azure App Service and Azure Functions can now easily incorporate secrets management without any code changes by including references to Azure Key Vault secrets in their application settings, now in general availability. For existing applications, you can simply replace secrets included in the application settings with their references in Azure Key Vault, and they will continue to operate as normal. Behind the scenes, the application’s system-assigned identity is used to securely fetch the secret and make it available as an environment variable.
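As an added example (not code from this post or from the App Service platform), the following Python script audits a set of application settings for the pattern described above: it parses both documented forms of the Key Vault reference syntax, rejects references that are malformed (for example a non-HTTPS vault URI), and flags settings that still carry a plaintext secret. The settings, the vault name `contoso-kv`, the secret names and the name/value heuristics are constructed for illustration; the reference forms themselves are the ones App Service resolves.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlparse

# App Service / Functions resolve settings of either form below through the
# app's managed identity:
#   @Microsoft.KeyVault(SecretUri=https://<vault>.vault.azure.net/secrets/<name>/<version>)
#   @Microsoft.KeyVault(VaultName=<vault>;SecretName=<name>;SecretVersion=<version>)
# The parser treats the version as optional so that unpinned references are
# reported separately (they resolve to whatever the latest version is).
REF_PREFIX = "@Microsoft.KeyVault("
REF_RE = re.compile(r"^@Microsoft\.KeyVault\((?P<body>.*)\)$")

# Constructed heuristics for spotting secrets left in plaintext; tune per estate.
SENSITIVE_NAME = re.compile(r"password|passwd|secret|token|apikey|api_key|conn", re.I)
SENSITIVE_VALUE = re.compile(r"AccountKey=|Password=|SharedAccessKey=|Pwd=", re.I)


@dataclass
class KeyVaultRef:
    vault: str
    secret: str
    version: Optional[str]  # None = reference resolves to the latest version


def parse_reference(value: str) -> Optional[KeyVaultRef]:
    """Return the parsed reference, None if the value is not a reference at all,
    or raise ValueError if it looks like a reference but is malformed."""
    text = value.strip()
    if not text.startswith(REF_PREFIX):
        return None
    m = REF_RE.match(text)
    if not m:
        raise ValueError(f"unterminated Key Vault reference: {value}")
    parts: Dict[str, str] = {}
    for item in m.group("body").split(";"):
        if "=" in item:
            key, val = item.split("=", 1)
            parts[key.strip()] = val.strip()
    if "SecretUri" in parts:
        u = urlparse(parts["SecretUri"])
        segs = [s for s in u.path.split("/") if s]
        # Only https vault URIs of the form /secrets/<name>[/<version>] are accepted.
        if u.scheme != "https" or not u.hostname or len(segs) < 2 or segs[0] != "secrets":
            raise ValueError(f"malformed SecretUri: {parts['SecretUri']}")
        return KeyVaultRef(u.hostname.split(".")[0], segs[1], segs[2] if len(segs) > 2 else None)
    if "VaultName" in parts and "SecretName" in parts:
        return KeyVaultRef(parts["VaultName"], parts["SecretName"], parts.get("SecretVersion"))
    raise ValueError(f"malformed Key Vault reference: {value}")


def audit_settings(settings: Dict[str, str]) -> Dict[str, str]:
    """Classify each setting as keyvault-ref, keyvault-ref-latest, malformed-ref,
    plaintext-secret or ok."""
    findings: Dict[str, str] = {}
    for name, value in settings.items():
        try:
            ref = parse_reference(value)
        except ValueError:
            findings[name] = "malformed-ref"
            continue
        if ref is not None:
            findings[name] = "keyvault-ref" if ref.version else "keyvault-ref-latest"
        elif SENSITIVE_NAME.search(name) or SENSITIVE_VALUE.search(value):
            findings[name] = "plaintext-secret"
        else:
            findings[name] = "ok"
    return findings


# Constructed sample settings for a hypothetical app; the vault and key are made up.
SETTINGS = {
    "DB_CONN": "@Microsoft.KeyVault(SecretUri=https://contoso-kv.vault.azure.net/secrets/db-conn/0123abcd)",
    "API_TOKEN": "@Microsoft.KeyVault(VaultName=contoso-kv;SecretName=api-token)",
    "STORAGE_CONN": "DefaultEndpointsProtocol=https;AccountName=contoso;AccountKey=EXAMPLE_KEY_NOT_REAL;EndpointSuffix=core.windows.net",
    "BROKEN_REF": "@Microsoft.KeyVault(SecretUri=http://contoso-kv.vault.azure.net/secrets/db-conn)",
    "WEBSITE_NODE_DEFAULT_VERSION": "10.14.1",
}

if __name__ == "__main__":
    for setting, verdict in audit_settings(SETTINGS).items():
        print(f"{setting:30} {verdict}")
```

Run against an export of an app's settings, anything reported as `plaintext-secret` is a candidate for moving into Key Vault, while `malformed-ref` entries would leave the app with an unresolved value at runtime and are worth catching before deployment.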

For simplified lifecycle management of your secrets, you can now use Azure Key Vault events on Azure Event Grid (currently in preview) to trigger automation workflows using Azure Functions, WebHooks, or any supported event handlers. By subscribing to changes in the status of keys, certificates or secrets stored in Azure Key Vault (such as about to expire, already expired, or new version available), you can automatically set up notifications or alerts to have the teams in charge perform the required actions.
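The event handling described above, as an added Python example that is not part of the original post: it consumes Key Vault lifecycle events in the Event Grid event schema, drops events whose topic is not the expected vault, and maps each lifecycle stage (near expiry, expired, new version available) to a severity and an operational action. The vault name, subscription path, event payloads and the action table are constructed; the `data` field names (`VaultName`, `ObjectType`, `ObjectName`, `Version`, `EXP`) follow the Key Vault event schema as published by Azure and are an assumption here.

```python
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# Only events from this vault are acted on; anything else is rejected.
# Hypothetical subscription id, resource group and vault, constructed for the example.
EXPECTED_TOPIC = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-secrets"
                  "/providers/Microsoft.KeyVault/vaults/contoso-kv")

# Lifecycle stage -> (severity, action). The stage is the suffix of the event type
# after the object kind, e.g. Microsoft.KeyVault.SecretNearExpiry -> "NearExpiry".
ACTIONS = {
    "NearExpiry": ("warning", "notify-owner-to-rotate"),
    "Expired": ("critical", "page-oncall"),
    "NewVersionCreated": ("info", "trigger-consumer-refresh"),
}
EVENT_PREFIX = "Microsoft.KeyVault."


def handle_event(event: Dict) -> Dict:
    """Validate one Event Grid event and map it to an operational action."""
    for field in ("eventType", "topic", "eventTime", "data"):
        if field not in event:
            raise ValueError(f"missing field {field}")
    if event["topic"].lower() != EXPECTED_TOPIC.lower():
        raise ValueError("event is not from the expected vault")
    event_type = event["eventType"]
    if not event_type.startswith(EVENT_PREFIX):
        raise ValueError(f"not a Key Vault event: {event_type}")
    kind = event_type[len(EVENT_PREFIX):]
    stage = next((s for s in ACTIONS if kind.endswith(s)), None)
    if stage is None:
        raise ValueError(f"unhandled event type: {event_type}")
    data = event["data"]
    severity, action = ACTIONS[stage]
    result = {
        "vault": data["VaultName"],
        "object_type": data.get("ObjectType") or kind[: -len(stage)],
        "object_name": data["ObjectName"],
        "version": data.get("Version"),
        "severity": severity,
        "action": action,
    }
    # EXP is the object's expiry as Unix seconds; compare it with the event time
    # so the result does not depend on when the handler happens to run.
    if data.get("EXP") is not None:
        event_time = datetime.fromisoformat(event["eventTime"].replace("Z", "+00:00"))
        expiry = datetime.fromtimestamp(data["EXP"], tz=timezone.utc)
        result["days_until_expiry"] = (expiry - event_time).days
    return result


def process_batch(events: List[Dict]) -> Tuple[List[Dict], List[str]]:
    """Handle a batch as delivered by Event Grid; return (actions, rejection reasons)."""
    actions, rejected = [], []
    for ev in events:
        try:
            actions.append(handle_event(ev))
        except (ValueError, KeyError) as exc:
            rejected.append(f"{ev.get('id', '?')}: {exc}")
    return actions, rejected


def _event(event_id: str, event_type: str, name: str, version: str,
           exp: Optional[int], event_time: str, topic: str = EXPECTED_TOPIC) -> Dict:
    """Build a constructed sample event in the Event Grid schema."""
    return {
        "id": event_id, "topic": topic, "subject": name, "eventType": event_type,
        "eventTime": event_time, "dataVersion": "1", "metadataVersion": "1",
        "data": {"Id": f"https://contoso-kv.vault.azure.net/secrets/{name}/{version}",
                 "VaultName": "contoso-kv", "ObjectType": "Secret",
                 "ObjectName": name, "Version": version, "NBF": None, "EXP": exp},
    }


# Constructed events: expiry timestamps are chosen relative to the event time.
SAMPLE_EVENTS = [
    _event("e1", "Microsoft.KeyVault.SecretNearExpiry", "db-conn", "0123abcd",
           1575453600, "2019-11-04T10:00:00Z"),   # expires 30 days after the event
    _event("e2", "Microsoft.KeyVault.SecretExpired", "api-token", "beef0001",
           1572825600, "2019-11-05T00:00:00Z"),   # expired one day before the event
    _event("e3", "Microsoft.KeyVault.SecretNewVersionCreated", "db-conn", "4567ef00",
           None, "2019-11-04T11:00:00Z"),
    _event("e4", "Microsoft.KeyVault.SecretNearExpiry", "other", "1", 1575453600,
           "2019-11-04T10:00:00Z", topic=EXPECTED_TOPIC.replace("contoso-kv", "rogue-kv")),
]

if __name__ == "__main__":
    handled, dropped = process_batch(SAMPLE_EVENTS)
    for item in handled:
        print(item)
    for reason in dropped:
        print("rejected:", reason)
```

In an Azure Functions Event Grid trigger the function would receive these dictionaries one at a time; the topic check matters because the handler's actions (paging, triggering refreshes) should only be driven by the vault the subscription was created for.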

Unified monitoring experience

Monitoring enables development teams to identify errors, bottlenecks, faulty services, and overall performance status across cloud applications. In addition to the existing capabilities for monitoring web applications and serverless functions, both Azure Functions and Azure App Service are now adding integration (currently in preview) with Azure Monitor Logs, sending log telemetry to a single workspace where you can create queries to quickly retrieve, consolidate, and analyze collected data—including using third party services for analysis—or set alert rules.

If you haven’t already, sign up for an Azure free account and start building serverless applications today! We cannot wait to see the new business-critical apps you'll build using the Azure Functions Premium plan and automation benefits you'll realize using PowerShell support in Azure Functions. Try them out today, and if you have any feedback please reach us on Twitter, GitHub, StackOverflow, and UserVoice.

Source: Azure

Success in the cloud: Microsoft Cloud Adoption Framework for Azure

With thousands of customers deploying more and more applications on cloud platforms, cloud technologies have become increasingly familiar to businesses. However, the path to successful cloud adoption can be bumpy for enterprises, as it requires more than the typical technology deployment steps. Successful cloud adoption requires deeper and broader changes across an organization, including business plans and expectations alignment, process updates, and technical readiness.

In our work with customers, we’ve helped solve some common obstacles to the cloud journey, including proper cloud governance to control costs and ensure security, confusion on the right migration strategy to define a path to the cloud, and a lack of context on how to establish a Cloud Center of Excellence in their organization.

Today, we are announcing the general availability of new content within the Microsoft Cloud Adoption Framework for Azure, including Innovate and Manage stages and new resources and assessments to help organizations wherever they are. It brings together best practices from Microsoft solution architects, partners, and customers into a comprehensive and curated set of tools, documentation, templates, and guidance that help organizations shape their cloud strategies, driving towards their desired business goals and outcomes.

Digital transformation is real and is here. We realize change takes time and real effort; it impacts people, culture, and business, and it can feel risky. It requires new disruptive thinking. It requires leaders to adapt, take risks, and learn quickly. It requires a culture and organization shift. And the Cloud Adoption Framework is here to help organizations navigate their respective and unique journeys, delivering on their business goals through the power of Azure.

How does it work?

Built with a modular approach, the Cloud Adoption Framework helps organizations break down their journey into discrete stages, with clear guidance for business decision makers, cloud architects, and IT professionals to undertake their cloud journey with confidence and control, aligning business priorities and expected outcomes with technology changes and investments.

While each organization will have its own journey to adopt the cloud, there are six main stages that hold true for most organizations: strategy, plan, ready, adopt, govern, and manage. Although the framework suggests a linear journey, in reality it isn’t one. It is an iterative and cyclical process, where organizations jump in and out of stages as they make progress or have new areas to address in their journey. If the organization is concerned with managing policies and staying compliant with industry regulations, it should focus on establishing proper cloud governance to unblock and address those concerns. If the organization wants to review or define its own motivations for cloud adoption, it will need to focus on the strategy and planning stages to establish a clear North Star for this change, and so forth.

Each stage of the framework focuses on specific aspects of the cloud journey, for each organization to address internally. Here is an overview of each stage:

Strategy: Understand the motivation to adopt new cloud technologies, considering business and financial justifications, and aligning to business goals and expected outcomes.
Plan: Create a cloud adoption plan based on an inventory of the current digital estate, prioritized workloads, and a suitable migration strategy for business impact. A cloud strategy team and center of excellence must be defined at this point to ensure appropriate execution.
Ready: Prepare people, business processes, and IT environments for the change, based on a prioritized and agreed cloud adoption plan, leveraging landing zones and replicable mechanisms to enable agility with proper governance and controls.
Adopt: Whether looking to migrate existing workloads to the cloud or innovate creating something new, this stage is where the technology implementation takes place to deliver on the business expectations and align to the cloud adoption plan.
Govern: Review existing on-premises IT policies and define cloud governance to complement them. Learn to iterate as the cloud estate, business priorities, and processes change over time, potentially creating new risks to mitigate.
Manage: Define a cloud operating model based on operational excellence. Monitor, manage, and optimize cloud environments to adapt and deliver on business goals and expected outcomes.

Making the Cloud Adoption Framework actionable

Many customers and partners have been leveraging and contributing to this framework for a few months now. Partners, in particular, have found it very useful to help address their customers’ main blockers to cloud adoption, focusing on both the technical and business components.

“As a partner, New Signature has used the Microsoft Cloud Adoption Framework to help organize our services and have aligned customer engagements with the themes and goals the framework discusses. It has also been useful to fully identify the end to end capability needed to run both the technical transformation and the business change elements of cloud adoption.” – Sean Morris, Head of Consulting at New Signature.

And many Microsoft partners have already created offerings to help guide customers through their journey based on the framework. Similarly, OpsCompass “leverages the Microsoft Cloud Adoption Framework for Azure to help customers feel safe knowing they’re proactively managing their cost, compliance, and security risks as they adopt the cloud,” said Scott Griffith, Vice President of Corporate Development at OpsCompass.

Already, over 200 organizations have engaged with the framework, providing feedback, sharing best practices, and also learning new aspects to address open items in their journey. One of those is Dentsu Aegis Network, which wanted to enable teams across the world to leverage the power of Azure in a controlled and secured manner.

“Using the Cloud Adoption Framework, we set up an automated self-service portal where anyone can request a cloud landing zone, get approval, and within hours have a new environment provisioned and ready to use in Azure,” said Chris Fry, Director of Global Programs at Dentsu Aegis Network.

All organizations can start leveraging the Cloud Adoption Framework to support their adoption journey today. Depending on your organization’s needs, there are a few options to get started:

To understand where in the cloud journey the organization is, take the Cloud Journey Tracker
To validate governance gaps and immediate next steps, take the Microsoft Cloud Adoption Framework Governance Benchmark
To get help with a lift-and-shift migration project already identified and prioritized, leverage the Azure Migration Program
To get assistance with an architecture design for a new or existing app on the cloud, reach out to Microsoft FastTrack for Azure
For all of the above and beyond, connect with a Microsoft partner

For more information, visit the Cloud Adoption Framework for Azure page; for best practices, guidance, and technical documentation, visit the Microsoft Cloud Adoption Framework for Azure documentation. Learn more about Microsoft migration resources and programs.

Source: Azure

Enabling and securing ubiquitous compute from intelligent cloud to intelligent edge

Enterprises are embracing the cloud to run their mission-critical workloads. The number of connected devices on- and off-premises, and the data they generate, continue to increase, requiring new enterprise network edge architectures. We call this the intelligent edge: compute closer to the data sources and users to reduce latency. The intelligent cloud, with its massive compute power, storage, and variety of services, works in concert with the intelligent edge using similar programming models to enable innovative scenarios and ubiquitous compute. Networking is the crucial enabler integrating the intelligent cloud with the intelligent edge.

The Azure Networking mission is to provide the most secure, reliable, and performant network for your workloads, delivered and managed from the intelligent cloud to the intelligent edge. We continue to innovate to help your services connect and extend to the cloud and the edge, be protected, delivered with optimal performance and provide insightful monitoring.

Microsoft global network

Microsoft runs one of the world’s largest Wide Area Networks (WANs), serving all Microsoft cloud services including Azure, Dynamics 365, Microsoft 365, LinkedIn, Xbox, and Bing. The WAN connects all Microsoft datacenters running our cloud services together and to our customers and partners through edge sites. These edge sites are strategically located around the world. This is where we exchange traffic with internet service providers for internet traffic and with ExpressRoute partners for private connectivity traffic. We also use the Azure Front Door and Azure Content Delivery Network services at our edge sites to enhance and accelerate the experience of our own services, such as Microsoft 365. To provide global coverage, the WAN has over 130,000 miles of subsea, terrestrial, and metro optical fiber and is fully managed by Microsoft using internal software-defined networking (SDN) technologies to provide the best networking experience. Industry leaders such as ThousandEyes have reported on the performance of our global network and in a 2018 study found it to be the most robust and most consistent. One fundamental principle in providing a great experience is to get the traffic onto the Microsoft network as close to the customer as possible and keep it on Microsoft’s network as long as possible. All traffic between Microsoft services and datacenters remains fully in Microsoft’s network and does not traverse the internet.

Figure 1. Core pillars of Azure Networking

Connect and extend

To get the best internet experience, data should enter and exit the Microsoft network as close as possible to you or your users. With over 160 edge sites today, we have an aggressive plan to increase the number of sites, which you can read more about in our edge site expansion blog. We are also increasing the number of ExpressRoute meet-me sites, providing greater flexibility to privately connect to your Azure workloads.

Staying connected to access and ingest data in today's highly distributed application environments is paramount for any enterprise. Many businesses need to operate in and across highly unpredictable and challenging conditions. For example, energy, farming, mining, and shipping often operate in remote, rural, or other isolated locations with poor network connectivity. ExpressRoute for Satellites is now generally available, enabling access to Microsoft cloud services using satellite connectivity. With commercial satellite constellations becoming widely available, new solution architectures offer improved and affordable performance to access Microsoft.

MACsec, an industry encryption standard for point-to-point connections, is now supported on ExpressRoute Direct in preview. ExpressRoute Direct customers can ensure data confidentiality and integrity on the physical connections to the ExpressRoute routers to meet security and compliance requirements. Customers fully own and manage the lifecycle of the MACsec keys using Azure Key Vault.

We have invested in optical technologies to greatly reduce the cost of metro networks. We are passing these savings to you with a new ExpressRoute circuit type called ExpressRoute Local, available via ExpressRoute partners. If you select an ExpressRoute site near our datacenters and only access data from that datacenter then egress prices are included in the ExpressRoute Local circuit price. For connectivity to regions in the same geo you can use ExpressRoute Standard, and to get anywhere in the world you can use ExpressRoute Premium.

The new peering service for the Microsoft cloud, now in preview, enables enterprise-grade internet connectivity to access Azure, Dynamics 365, and Microsoft 365 via partnerships with internet providers and internet exchange providers. Peering Service also provides internet latency telemetry, route monitoring, and alerting against hijacks, leaks, and other Border Gateway Protocol (BGP) misconfigurations.

Figure 2. Launch partners supporting the new Peering Service

We have enhanced our VPN service to support up to 10 Gbps of aggregate encrypted bandwidth, IKEv1 on all our VPN gateway SKUs, and packet capture to help debug configuration issues. We have also enhanced our point-to-site VPN service to support Azure Active Directory and multifactor authentication. We are also making available an OpenVPN client that you can download and run to access your VNet from anywhere.

Azure Virtual WAN brings together our Azure connectivity services into a single operational interface with major SD-WAN partners. Azure Virtual WAN enables a global transit network architecture by providing ubiquitous connectivity between globally distributed sets of spokes such as VNets, sites, applications, and users. Significant enhancements include the preview of hub-to-hub and any-to-any connectivity. Virtual WAN users can connect multiple hubs for full mesh connectivity to further simplify their network architecture. Additionally, ExpressRoute and point-to-site are now generally available with Virtual WAN.

Figure 3. Azure Virtual WAN full topology overview across customer sites and clients connecting to Azure

We have been working closely with industry leaders to expand the ecosystem support for Virtual WAN. Today, we are announcing that Cisco and Microsoft are partnering to modernize the network for the cloud. Cisco, one of our largest global and strategic partners, is working with Microsoft to integrate Cisco SD-WAN technology with both Azure Virtual WAN and Office 365 to enable seamless, distributed and optimal branch office connectivity to Azure and Office 365.

“At Cisco, we’re helping customers deliver security and application experience as they expand into the cloud. Collaborating with Microsoft to expand the value of Azure Virtual WAN with Cisco SD-WAN, we are creating new opportunities for our mutual customers to accelerate their hybrid cloud strategy.”

Sachin Gupta, SVP, Product Management for Cisco Enterprise Networking Business

Additionally, other partners including Cloudgenix, Fortinet, Nokia-Nuage, and Silver Peak, have finalized their integrations with Virtual WAN and are immediately available.

IPv6

Dual-stack (IPv4 + IPv6) VNets will be generally available later this month. As a first in the cloud, Azure will enable customers to bring their own IPv6 private address space into the VNet, thereby avoiding any need for routing changes. IPv6 enables customers to address IPv4 depletion, meet regulatory requirements, and expand into the growing mobile and IoT markets with their Azure-based applications.

Figure 4. Architectural diagram of an Azure VNet routing with IPv6 between VMs, subnet and Load Balancer

Protect

Achieving Zero Trust networking

Cloud applications and the mobile workforce have redefined the security perimeter. The new perimeter isn’t defined by the physical location(s) of the organization, it now extends to every access point that hosts, stores, or accesses corporate resources and services.

Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.”

Azure Networking services provide critical controls to enhance visibility and help prevent bad actors from moving laterally across the network. Networks should be segmented, including deeper software-defined micro-segmentation, and real-time threat protection, end-to-end encryption, monitoring, and analytics should be employed.

Azure Private Link – extended to all Azure regions

Azure Private Link brings Azure services into your private virtual network. Supported Azure services such as Storage, SQL Database, and Azure Synapse Analytics can be consumed over a private IP address, so the access control lists (ACLs) need not be opened to the public internet. Traffic going through Private Link always stays on the Microsoft backbone network and never enters the public internet. Platform as a service (PaaS) resources can also be accessed privately from on-premises through VPN or ExpressRoute private peering, keeping the ACLs simple. Starting today, Private Link is available in all Azure public regions.

Figure 5. Architectural diagram of Private Link deployed cross-premises

Using Azure Private Link, Azure is the first cloud to provide data governance and compliance by implementing built-in data exfiltration protection. This brings us one step closer to our goal for zero trust networking wherein malicious actors within the trusted network can’t exfiltrate data to non-secure accounts, since individual PaaS instances instead of service frontends are mapped as private endpoints. Private Link also empowers software as a service (SaaS) providers in Azure to extend the same capability to their customers. Snowflake is an early adopter to the program, with more partner services to follow.

Azure Firewall Manager is a new security management service that provides central security policy and route management for cloud-based security perimeters. Azure is currently the only cloud provider to offer traffic governance, routing control, and third party integrated security through Azure Firewall and Firewall Manager. Global admins can centrally create hub and spoke architecture and associate security or routing policies with such a hub, referred to as a secured virtual hub.

Figure 6. Diagram of Azure Firewall Manager deployed inside Secured Virtual WAN Hubs

With trusted security partners, you can use your familiar, industry-leading, third-party security as a service (SECaaS) offerings to protect internet access for your users. We are very pleased to announce our partnership with Zscaler, iboss, and Check Point (coming soon) as the trusted security partners.

Azure Firewall threat intelligence-based filtering now generally available

Using threat intelligence-based filtering, Azure Firewall can now be configured to alert on and deny traffic to and from known malicious IP addresses and domains in near real time. The IP addresses and domains are sourced from the Microsoft threat intelligence feed.

We also extended our web application firewall (WAF) with three new features: WAF bot protection, WAF per-site policies, and geo filtering. The Azure-managed bot protection rule set in Azure Front Door detects different categories of bots and lets customers set actions accordingly: malicious bots can be blocked at the network edge, good bots allowed through to application backends, and unknown bots logged or redirected to an alternative site. The Azure-managed bot protection rule set is also offered in preview on the Azure Application Gateway v2 SKU. WAF per-site policies on Application Gateway let customers specify different WAF policies for different web applications hosted on a single Application Gateway, which allows finer-grained security policy and eliminates the need for additional deployments per site. Azure Application Gateway is introducing geo filters for existing custom rules, in preview on the v2 SKU. This capability lets you extend existing IP/IP-range-based custom rules to also use countries as a matching criterion and take actions accordingly, so you can restrict traffic from a given country or only allow traffic from a set of countries.
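To make the custom-rule semantics concrete, here is an added Python model (not Application Gateway's own engine and not code from this post) of how priority-ordered custom rules with IP-range and country matches combine. The rule shape is loosely modeled on Application Gateway WAF policy custom rules (RemoteAddr, IPMatch, GeoMatch, Allow/Block, priority) but simplified; the geo lookup table, rule names, ranges and client addresses are constructed. The "only allow traffic from a set of countries" case is expressed as a negated GeoMatch that blocks everything else.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed IP-to-country table standing in for the WAF's geo database.
GEO_TABLE = {
    "203.0.113.0/24": "US",
    "198.51.100.0/24": "DE",
    "192.0.2.0/24": "FR",
}


def country_for(ip: str) -> Optional[str]:
    """Look up the country code for an address; None if the table has no entry."""
    addr = ipaddress.ip_address(ip)
    for cidr, country in GEO_TABLE.items():
        if addr in ipaddress.ip_network(cidr):
            return country
    return None


def condition_matches(cond: Dict, client_ip: str) -> bool:
    """IPMatch tests the client address against CIDRs, GeoMatch against country
    codes. 'negate' inverts the result, which is how a country allow-list is
    expressed as a Block rule."""
    if cond["variable"] != "RemoteAddr":
        raise ValueError(f"unsupported variable {cond['variable']}")
    if cond["operator"] == "IPMatch":
        addr = ipaddress.ip_address(client_ip)
        hit = any(addr in ipaddress.ip_network(c) for c in cond["values"])
    elif cond["operator"] == "GeoMatch":
        hit = country_for(client_ip) in cond["values"]
    else:
        raise ValueError(f"unsupported operator {cond['operator']}")
    return not hit if cond.get("negate") else hit


def evaluate(rules: List[Dict], client_ip: str) -> Tuple[str, Optional[str]]:
    """Custom rules run in ascending priority; all conditions of a rule must match
    (AND) and the first matching rule decides. If none matches, the request
    continues on to the managed rule set ("Continue")."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if all(condition_matches(c, client_ip) for c in rule["conditions"]):
            return rule["action"], rule["name"]
    return "Continue", None


# Constructed rules (names and ranges are made up):
# 1) a partner's /28 is always allowed, even though it sits outside the permitted
#    countries, because its lower priority number runs first;
# 2) everything NOT from US or DE is blocked (negated GeoMatch = country allow-list).
RULES = [
    {"name": "AllowPartnerRange", "priority": 10, "action": "Allow",
     "conditions": [{"variable": "RemoteAddr", "operator": "IPMatch",
                     "values": ["192.0.2.0/28"]}]},
    {"name": "OnlyUSandDE", "priority": 20, "action": "Block",
     "conditions": [{"variable": "RemoteAddr", "operator": "GeoMatch",
                     "negate": True, "values": ["US", "DE"]}]},
]

if __name__ == "__main__":
    for ip in ("192.0.2.5", "192.0.2.77", "203.0.113.9", "198.51.100.200", "100.64.0.1"):
        action, rule = evaluate(RULES, ip)
        print(f"{ip:16} {country_for(ip) or '??':3} -> {action} ({rule})")
```

Two things the model makes visible: rule priority decides the outcome when an IP-range exception and a country allow-list overlap, and an address the geo database cannot classify (here `100.64.0.1`) falls on the blocked side of a negated allow-list, so such rules should be tested with unknown-geo traffic before being enforced.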

We recently announced the general availability of Azure Bastion. The Azure Bastion service is provisioned directly in your Virtual Network, enabling seamless remote desktop (RDP) and secure shell (SSH) access to all virtual machines in the VNet without needing a public IP address. Seamless integration and easy one-time setup of ACLs across your subnets eliminates subsequent and continuous management.

Figure 7. Azure Bastion architecture showing SSL access to VNet resources through the Azure portal

Deliver

Today we are also announcing a new feature, the Content Delivery Network Rules Engine, which lets Azure Content Delivery Network customers customize how HTTP requests are handled. Rules Engine supports powerful match conditions such as device detection, HTTP protocol, and header values, and triggers the appropriate actions. All the HTTP rules run at our edge sites near end users, which gives significant performance benefits compared to running rules at customer origins.

The Application Gateway Ingress Controller allows Azure Application Gateway to be used as the ingress for an Azure Kubernetes Service (AKS) cluster. The ingress controller runs as a pod within the AKS cluster. It consumes Kubernetes Ingress resources and converts them into an Azure Application Gateway configuration, which allows the gateway to load-balance traffic to Kubernetes pods. Using the Application Gateway Ingress Controller enables customers to expose a single internet-accessible endpoint to communicate with their AKS clusters. Application Gateway interacts with pods directly using their private addresses, which eliminates the additional DNAT incurred by kube-proxy and thus provides more efficient and performant traffic routing to pods. The Application Gateway Ingress Controller supports all features of Application Gateway, including WAF capabilities to secure access to the AKS cluster.

Figure 8. App Gateway Ingress controller explained relative to AKS

Azure Key Vault is a platform-managed service to safeguard cryptographic keys and other secrets used by cloud apps and services. Azure Application Gateway v2 now supports direct integration of Key Vault-stored transport layer security (TLS) certificates for its HTTPS-enabled listeners. This improves TLS certificate security by cleanly separating the certificate management process from Application Gateway and backend web application management. Application Gateway polls Key Vault every few hours for a newer version of the TLS certificate, enabling automatic renewal of certificates.

Monitor

Azure Internet Analyzer is a new client-side measurement service now available in preview. Internet Analyzer enables A/B testing of networking infrastructures and their impact on your customers’ performance experience. Whether you’re migrating apps and content from on-premises to Azure or evaluating a new Azure service, Internet Analyzer allows you to learn from your users’ data and Microsoft’s rich analytics to better understand and optimize your network architecture with Azure before you migrate. Internet Analyzer is designed to address performance-related questions for cloud migration, deploying to new or additional Azure regions, or testing new application and content delivery platforms in Azure, such as Azure Front Door and Content Delivery Network.

The Azure Monitor for Network service is now available in preview. Azure Monitor for Network enables customers to monitor key metrics and health of their network resources, discover issues, and get troubleshooting help. Azure Monitor for Network is on by default and doesn’t require any custom setup. Whether you are monitoring and troubleshooting cloud or hybrid networks, Azure Monitor for Network helps you set up alerts, get resource-specific diagnostics, and visualize the structure and functional dependencies between resources.

Figure 9. Screenshot of Azure Monitor for Network illustrating App Gateway metrics and diagnostics

Multi-access Edge Computing (MEC) in preview

Multi-access Edge Computing offers application developers cloud-computing capabilities at the customer premises. This environment is characterized by very low latency and high bandwidth as well as real-time access to radio networks such as Private LTE and 5G. By integrating MEC capabilities with Azure, we will be offering a continuum of compute and network capabilities from the intelligent cloud to the edge. New critical and immersive scenarios such as smart factory and mixed reality require reliable low-latency and high bandwidth connectivity combined with local compute.

Figure 10. Concept draft of Multi-access and network edge compute with Azure

To address these needs, we are introducing a technology preview of Multi-access Edge Compute based on Azure Stack Edge deployed at the customer’s premises for the best possible latency. Key characteristics of the MEC are:

Enables developers to use GitHub and the Azure DevOps CI/CD toolset to write and run container-based applications at the customer’s premises. With a consistent programming model, it is straightforward to develop applications in Azure and then move them to Azure Stack Edge.
Wireless technology integration, including Private Long-Term Evolution (LTE), LTE-based Citizens Broadband Radio Service (CBRS), and forthcoming 5G technologies. As part of our MEC platform, we have partnered with technology innovators to provide mobile virtual network functions (Evolved Packet Core), device integration, SIM management, and radio access networks.
MEC is managed from Azure. Curated virtual network function (VNF) images are downloaded from Azure to simplify deploying and running a private mobile network. The platform also provides support for lifecycle management of the VNFs, such as patching, configuration, and monitoring.
A partner ecosystem including managed service providers to deploy end to end solutions in your network.

For those interested in the early technical preview and options with MEC integration, please reach out to MEC-Networking@microsoft.com.

Figure 11. Overview of Azure Multi-edge Compute (MEC) partner ecosystem

Looking Forward

We are fully committed to helping you connect to Azure by protecting your workloads, delivering a great networking experience, and providing extensive monitoring to simplify your deployment and lower your operational costs, while helping you better support your customers. At Microsoft Ignite we will add more details about our announcements, and you can learn more by viewing our technical sessions. We’ll continue providing innovative networking services and guidance to help you take full advantage of the cloud. We’re excited to learn about the new scenarios enabled by our networking services. As always, we welcome your feedback.

Source: Azure

Azure infrastructure as a service (IaaS) for every workload

This week at Microsoft Ignite, we announced several important additions to our Azure infrastructure as a service (IaaS) portfolio.

Many companies, including GEICO, H&R Block, and CONA Services, rely on Azure to run a very diverse set of business-critical workloads, often requiring dynamic and scalable infrastructure that delivers unparalleled performance.

In order to meet the needs of this diverse and growing set of mission-critical workloads that call Azure home, our infrastructure services continue to evolve to optimize the experience of running these workloads.

Comprehensive infrastructure solutions: Flexibility and choice

We announced several new offerings that expand our portfolio of available virtual machine (VM) instance sizes for general purpose, memory-intensive, and remote visualization scenarios, including the ability to run VMware environments natively and enhancements to the platform that make it even easier to migrate your workloads to Azure.

Ea v4, Eas v4, Da v4, and Das v4 series Microsoft Azure Virtual Machines now available

After being the first global cloud provider to announce the preview of Azure Virtual Machines based on the AMD EPYC™ 7452 processor, we’ve been working together with our technology partners, including AMD, to continue bringing the latest innovation to enterprises. 

This week we’re announcing the availability of the Da v4 and Das v4 Azure Virtual Machine series for general purpose Linux and Windows applications, and the Ea v4 and Eas v4 Azure Virtual Machine series for memory-intensive Linux and Windows workloads.

These new Azure Virtual Machines feature the latest AMD EPYC™ 7452 processor and up to 96 vCPUs, 672 GiB of RAM, and 2,400 GiB of SSD-based temporary storage. The Das-series and the Eas-series Virtual Machines support Azure Premium SSDs and will include Ultra Disk support in the near future.

New NVv4 series Azure Virtual Machines preview available

We are also enhancing our compute portfolio for Windows Virtual Desktop and high-performance computing (HPC) workloads with the preview of NVv4. These new Azure Virtual Machines feature the latest AMD EPYC™ 7742 processor and will be the first visualization-optimized Azure Virtual Machines to offer AMD RADEON INSTINCT™ MI25 GPUs. NVv4 (currently in preview) offers enhanced GPU resourcing flexibility, giving customers more choice by offering partitioned GPUs built using industry-standard SR-IOV technology. Customers can select the right size of GPU Virtual Machine, with as little as 2 GB of dedicated GPU frame buffer for an entry-level desktop in the cloud, and up to the whole GPU with 16 GB of frame buffer for powerful engineering workstations. This makes entry-level and low-intensity GPU workloads more cost-effective while still giving customers the option to scale up to the full-GPU processing power delivered by AMD RADEON INSTINCT™ MI25 GPUs.

Azure VMware Solutions now available in West Europe

We’re also announcing the availability of Azure VMware Solutions in the West Europe Azure region. If you are currently managing an on-premises VMware environment, Azure VMware Solutions delivers the ability to run your VMware environment natively on Azure. This gives you the option to leverage your existing VMware skills and investments while taking full advantage of the scale and automation Azure offers. Azure VMware Solutions is now supported in East US, West US, and West Europe regions.

New Azure Migrate features to streamline migration

Azure Migrate is a central hub for all your migration needs and now delivers new capabilities to accelerate the migration of physical servers and virtual machines. We have also made enhancements to the Server Assessment capabilities that reduce friction through agentless discovery options. And to ensure you have the information you need for migration, we now provide deeper application dependency analysis. Refer to the documentation for more details.

A dynamic and scalable infrastructure for uncompromised performance

One of the most valuable promises of cloud infrastructure is the ability to meet evolving business and IT requirements. In our mission to continuously improve customers’ access to dynamic and scalable infrastructure, we’ve made a couple of important additions to our portfolio.

Azure generation 2 virtual machines now generally available

Generation 2 virtual machines are now generally available on Azure. Generation 2 VMs provide support for Intel Software Guard Extensions (Intel SGX), the UEFI boot architecture, and the ability to provision large VMs (up to 12 TB) and OS disk sizes that exceed 2 TB.

Generation 2 VMs are fully supported in the portal, CLI, and PowerShell interfaces, and customers can opt to use them during the provisioning and deployment process, depending on their needs. Please refer to the Windows and Linux documentation for more information.

New Azure Virtual Machine Scale Sets features now in preview

We’re also introducing the preview of new features for Azure Virtual Machine Scale Sets that will greatly simplify the experience of running virtual machines at scale, as well as improve the runtime capabilities and performance of these workloads. 

In addition to supporting a homogeneous set of VMs for a scalable app layer, you can now create an empty virtual machine scale set and add individual VMs (even VMs from different VM series) to it later, during VM creation. This lets you achieve high availability by, for example, spreading a set of virtual machines across different fault domains within a single availability zone. You can now use a Virtual Machine Scale Set to deploy a SQL Server high availability (HA) cluster within a zone, placing the SQL primary, secondary, and witness VMs in separate fault domains while keeping the low inter-VM network latency available within an availability zone.

You can now also provision VMs with custom images using the Azure Shared Image Gallery, which provides a quick, easy and scalable way to share images across different VMs and also accelerates provisioning times.

You can also specify a scale-in policy that gives you control over the order in which VMs should be de-provisioned. Termination notifications now give customers up to 15 minutes to perform any clean-up or other pre-shutdown tasks before VMs are deprovisioned, and you can now use instance protection from scale-in to designate VMs that should not be deprovisioned during a scale-in action. 
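Termination notifications are delivered to the VM through the Azure Instance Metadata Service (IMDS) Scheduled Events endpoint: the instance polls the endpoint, finds a Terminate event that names it, runs its clean-up, and then approves the event so the platform can proceed before the full timeout elapses. The handler below is an added example and is not code from Microsoft or from the original post. It assumes the 2019-08-01 IMDS API version and uses a constructed sample document; the scale set name vmss-web, the instance names, and the EventId values are placeholders, not real resources.

```python
"""Handle a Virtual Machine Scale Set termination notification via IMDS.

Added example, not Microsoft code. The endpoint and document layout follow
the IMDS Scheduled Events API (api-version 2019-08-01, an assumption);
the sample document and all names in it are constructed placeholders.
"""
import json
import urllib.request

# IMDS is link-local and reachable only from inside the VM. Requests must
# carry the "Metadata: true" header and must not go through a proxy.
SCHEDULED_EVENTS_URL = (
    "http://169.254.169.254/metadata/scheduledevents?api-version=2019-08-01"
)

# Constructed sample in the shape the endpoint returns. Scale set instances
# appear in "Resources" as <scaleset>_<instanceId>.
SAMPLE_DOCUMENT = """{
  "DocumentIncarnation": 7,
  "Events": [
    {"EventId": "0f1e2d3c-aaaa-bbbb-cccc-0123456789ab",
     "EventType": "Terminate", "ResourceType": "VirtualMachine",
     "Resources": ["vmss-web_3"], "EventStatus": "Scheduled",
     "NotBefore": "Mon, 04 Nov 2019 18:30:00 GMT",
     "Description": "", "EventSource": "User"},
    {"EventId": "9a8b7c6d-aaaa-bbbb-cccc-0123456789ab",
     "EventType": "Freeze", "ResourceType": "VirtualMachine",
     "Resources": ["vmss-web_5"], "EventStatus": "Scheduled",
     "NotBefore": "Mon, 04 Nov 2019 18:32:00 GMT",
     "Description": "", "EventSource": "Platform"}
  ]
}"""


def parse_document(text):
    """Parse the JSON document returned by the scheduled events endpoint."""
    return json.loads(text)


def fetch_document(url=SCHEDULED_EVENTS_URL, timeout=5):
    """GET the live document from IMDS (only works inside an Azure VM)."""
    req = urllib.request.Request(url, headers={"Metadata": "true"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_document(resp.read().decode())


def pending_terminations(document, this_vm):
    """Terminate events that name this VM and have not yet been approved."""
    return [
        e for e in document.get("Events", [])
        if e.get("EventType") == "Terminate"
        and e.get("EventStatus") == "Scheduled"
        and this_vm in e.get("Resources", [])
    ]


def approval_body(events):
    """Body of the POST that approves (starts) the given events early.

    Approving after clean-up lets the platform delete the VM immediately
    instead of waiting for the configured notification timeout.
    """
    return {"StartRequests": [{"EventId": e["EventId"]} for e in events]}


def approve(events, url=SCHEDULED_EVENTS_URL, timeout=5):
    """POST the approval to IMDS and return the HTTP status."""
    data = json.dumps(approval_body(events)).encode()
    req = urllib.request.Request(
        url, data=data, headers={"Metadata": "true"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


def drain(this_vm, document, cleanup):
    """Run cleanup() for a pending termination of this VM, then return the
    approval body to send (None if nothing is pending).

    cleanup() must finish inside the notification timeout (at most
    15 minutes): anything still running when the timeout expires is lost
    when the platform deletes the VM.
    """
    events = pending_terminations(document, this_vm)
    if not events:
        return None
    cleanup()
    return approval_body(events)


if __name__ == "__main__":
    # Offline run over the constructed document; on a real instance use
    # fetch_document() and read this VM's name from the IMDS instance endpoint.
    doc = parse_document(SAMPLE_DOCUMENT)
    body = drain("vmss-web_3", doc,
                 cleanup=lambda: print("deregistering from the load balancer"))
    print(json.dumps(body))
```

A practitioner would poll the endpoint on a short interval (the document's DocumentIncarnation changes whenever the event list changes) and only call approve() after the clean-up has actually completed; approving first defeats the purpose of the notification.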

All these new features will help you get your applications up and running quickly while giving you additional control over how your applications can scale to meet your requirements. 

HBv2 Azure Virtual Machines for HPC workloads coming soon

HBv2 VMs are designed to deliver supercomputer-class performance, message passing interface (MPI) scalability, and cost efficiency for a variety of real-world HPC workloads. HBv2 Virtual Machines support up to 80,000 cores for single MPI jobs to deliver performance that rivals some of the world’s largest and most powerful bare metal supercomputers.

Updated NDv2 Azure Virtual Machines preview

The NDv2-series Virtual Machines, currently in preview, are the latest, fastest, and most powerful addition to the GPU family, specifically designed for the cutting-edge demands of distributed HPC, AI, and machine learning workloads. These VMs feature 8 NVIDIA Tesla V100 NVLINK-interconnected GPUs with 32 GB of memory each, 40 non-hyperthreaded Intel Xeon Platinum 8168 processor cores, and 672 GiB of system memory. The NDv2-series Virtual Machines (currently in preview) also feature 100 Gb/sec EDR InfiniBand with support for standard Mellanox OFED drivers and all MPI types and versions. With a total of 256 GB of GPU memory and a 100 Gb/sec InfiniBand interconnect, NDv2-series Virtual Machines are ready for the most demanding machine learning models and distributed AI training workloads using CUDA, TensorFlow, PyTorch, Caffe, and other frameworks.

Proximity placement groups now generally available

A proximity placement group is a logical grouping capability for Azure Virtual Machines that you can use to decrease the network latency between a set of virtual machines. When you assign your virtual machines to a proximity placement group, their placement is optimized to deliver lower latency for your latency-sensitive workloads. We’ve seen robust customer adoption of this new feature during the preview over the last few months, and we’re pleased to now make Proximity Placement Groups generally available in most Azure regions. Please check the documentation for more information.

Azure Spot Virtual Machines

Finally, Azure Spot Virtual Machines, which give you access to unused Azure compute capacity at deep discounts, will be available soon. Spot Virtual Machines will be ideal for workloads that can be interrupted, providing scalability while reducing costs. You will be able to take advantage of Spot Virtual Machine pricing for Azure Virtual Machines or Virtual Machine Scale Sets (VMSS) to deploy opportunistic workloads of all sizes. We expect to preview this by early 2020.

In conclusion, there has never been a better time to run your workloads on, or to migrate to, Azure. We hope you enjoy Microsoft Ignite!

Additional Resources

Da series Azure Virtual Machines Linux and Windows documentation

Ea series Azure Virtual Machines Linux and Windows documentation

Azure Virtual Machine Scale Sets documentation

Azure generation 2 Virtual Machines documentation (Windows and Linux)

Azure webinar series: The Total Economic Impact™ of Azure IaaS

Azure webinar series: Five Critical Areas When Migrating Your Workloads to the Cloud

Computing options for every workload on Microsoft Azure – Video

Azure Virtual Machines webpages

Azure VMware Solutions webpages

Azure Migrate webpages


Source: Azure

New Azure investments deliver unprecedented performance for all your business-critical applications

Technology is being infused into every dimension of our lives. From stadiums to operating theaters to refrigerators to cars, technology is at the center of everything we do. It’s no longer just the unicorns that are digital disruptors. Every business is looking to benefit from technology and increase customer connection, satisfaction, and profitability. Organizations like BP, Lufthansa, and Team Rubicon are optimizing and transforming their businesses with Azure Infrastructure, building new applications that connect customer service, logistics, and service delivery in novel ways that increase employee productivity and better serve their customers.

This week from Microsoft Ignite, we're highlighting key Azure Infrastructure enhancements that further power our customers’ digital transformation journey.

Increased performance and lower cost for any workload

Azure has the broadest portfolio of compute offerings, ranging from small to the industry’s largest virtual machines (VMs) to purpose-built hardware that is able to support native VMware workloads, enterprise-grade files powered by NetApp, and up to 120 TB SAP scale-out deployments. CONA Services, the service arm for Coca-Cola bottlers, runs a 40 TB mission-critical system on Azure’s purpose-built SAP HANA infrastructure, one of the largest SAP HANA cloud deployments. To complement our compute portfolio, we offer some of the highest-performance disks in the cloud, including Azure ultra disks, which deliver up to 160,000 IOPS.

Customers are addressing new, high-performance scenarios that were earlier cost-prohibitive or simply not possible. With our new Azure HB and HC Virtual Machines, Azure is democratizing high-performance computing with unprecedented performance, scalability, and cost-efficiency for large, tightly coupled workloads in the cloud. InfiniBand networking provides the lowest latency and highest bandwidth in the industry and helps power customer workloads of up to 23,000 cores for a single MPI-based application, 10x more than is found anywhere else in the cloud. With HBv2, the first Azure Virtual Machine featuring 200 gigabit InfiniBand, Azure supports workloads of up to 80,000 cores per job.

We are also seeing customers move more Windows Server and Linux workloads to Azure. More than 50 percent of Azure’s compute runs Linux workloads today. When it comes to Windows Server and SQL, 30 percent more enterprises choose Azure over the next major cloud vendor. We offer unparalleled innovation with Azure SQL Managed Instance, App Service and Windows Virtual Desktop along with unmatched security and seamless hybrid capabilities, making Azure the best cloud for Windows and SQL Server workloads. When it comes to performance, Azure SQL Database is the price-performance leader for business-critical workloads while costing up to 86 percent less compared to AWS RDS.

At Microsoft Ignite, we are expanding our compute, storage, and networking offerings to meet an even wider range of customer scenarios. Some highlights include:

 General availability of Ea v4 and Eas v4 Azure Virtual Machine-series for memory-intensive workloads and the Da v4 and Das v4 Azure Virtual Machine-series for general purpose applications. These new Azure Virtual Machines are the first in the cloud to feature the latest AMD EPYC™ 7452 processor.
 Preview of NVv4 and HBv2 VM-series to support virtual desktop and HPC workloads. These new Azure Virtual Machines feature the latest AMD EPYC™ 7742 processor. NVv4 is designed to be the most cost-effective way to do visualization workloads, supporting VMs with fractional GPUs – as little as 1/8th GPU. NVv4 is Azure’s first visualization-optimized VM to offer AMD RADEON INSTINCT™ GPUs, while HBv2 is Azure’s first HPC VM to offer 200 gigabit InfiniBand networking.
 Preview of NDv2 VM-series to support the most demanding machine learning models and distributed AI training workloads. These updated VMs feature eight NVIDIA Tesla V100 NVLINK interconnected GPUs with 32 GB of memory each.
 Preview of new, smaller 4, 8 and 16 GB sizes on Premium SSD, Standard SSD and ultra disks to provide a lower cost for customers migrating workloads with less predictable traffic patterns to the cloud.
 Preview of the new bursting capabilities on applicable Premium SSD with up to 30x performance for spiky workloads.
 Preview of ADLS multi-protocol access which provides core blob features with Azure Data Lake Storage (ADLS) Gen2 including logging, tiering, and event grid integration, enhancing enterprise integration.
 Preview of Azure Peering Service which targets customers with an internet-first network strategy for accessing Azure and SaaS services such as Office 365. Through partnering with internet service providers, customers can now take advantage of our global network to enable reliable and optimized internet connectivity to Microsoft services.
 General availability of satellite support for Azure ExpressRoute to extend services into hard-to-reach areas critical for many customers across industries.
 General availability of Azure Bastion, making Azure the first public cloud to bring this functionality integrated as-a-service into the platform, with fast and super simple deployment of a bastion host to your infrastructure in Azure.

Unmatched security and simplified scalability for any workload

With 54 regions worldwide, we offer more regions than any other cloud provider across six continents. We are continuously investing in Azure to ensure it meets the highest reliability and scalability standards so you can be confident when running your business-critical workloads. When it comes to cloud security, we invest over a billion dollars a year and employ over 3,500 employees focused on security. Just a few weeks ago, we announced the general availability of Azure Sentinel, a built-in cloud-native SIEM that protects your entire enterprise.

This week, we are highlighting some of the enhancements we are making on Azure scalability, reliability, and security:

 General availability of Generation 2 Azure Virtual Machines, improving security with support for Intel Software Guard Extensions (Intel SGX), and the ability to provision large VMs (up to 12 TB) and OS disk sizes that exceed 2 TB.
 Preview of new features for virtual machine scale sets, for Windows and Linux, that will help you more easily manage VMs while improving runtime and performance capabilities. For example, you can now provision custom VM images at scale using the shared image gallery, while accelerating provisioning times.
 Preview of object replication service to support geo-distributed applications with customer-controlled blob replication to different regions.
 Enhanced Azure Security Center capabilities including even richer vulnerability assessment for VMs powered by Qualys, support for Kubernetes containers, and integration of security recommendations from partners including Check Point, Tenable and CyberArk available soon.
 Azure Sentinel enhancements including connectors for Citrix and ZScaler, investigation tools for suspicious URLs, and enriched detections.
 Azure Managed Disks enhanced to give customers full control over their compliance needs by enabling server-side encryption with customer-managed keys. This lets customers keep the key in Azure Key Vault and track its usage. This new capability is available in preview for Premium SSD, Standard SSD, and Standard HDD disk types.
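Customer-managed keys for managed disks work through a disk encryption set whose managed identity wraps and unwraps the disk keys with a key in Azure Key Vault; the vault must have soft delete and purge protection enabled, and the identity needs get, wrapKey and unwrapKey permission on keys. The audit below is an added example, not Microsoft code. It checks constructed records shaped like the output of `az disk list -o json` and `az keyvault show -o json`; the subscription, resource group, vault, disk names and principal ID are placeholders, and the encryption type strings are the values the Microsoft.Compute disks API reports.

```python
"""Audit managed disks and their Key Vault for customer-managed-key (CMK)
encryption. Added example, not Microsoft code; all records below are
constructed placeholders in the shape the Azure CLI returns.
"""

# Values reported in a disk's encryption.type by the Microsoft.Compute API.
CMK = "EncryptionAtRestWithCustomerKey"
PMK = "EncryptionAtRestWithPlatformKey"

# Principal ID of the disk encryption set's managed identity (placeholder).
DES_PRINCIPAL_ID = "11111111-2222-3333-4444-555555555555"

# Constructed `az disk list -o json` output (trimmed to the relevant fields).
SAMPLE_DISKS = [
    {"name": "sql-data-0", "sku": {"name": "Premium_LRS"},
     "encryption": {
         "type": CMK,
         "diskEncryptionSetId": "/subscriptions/00000000-0000-0000-0000-000000000000"
                                "/resourceGroups/rg-sql/providers/Microsoft.Compute"
                                "/diskEncryptionSets/des-sql"}},
    {"name": "sql-log-0", "sku": {"name": "Premium_LRS"},
     "encryption": {"type": PMK, "diskEncryptionSetId": None}},
    {"name": "web-os-2", "sku": {"name": "StandardSSD_LRS"},
     "encryption": {"type": PMK}},
]

# Constructed `az keyvault show -o json` output: soft delete on, purge
# protection off, and the identity granted only get + wrapKey.
SAMPLE_VAULT = {
    "name": "kv-sql-cmk",
    "properties": {
        "enableSoftDelete": True,
        "enablePurgeProtection": False,
        "accessPolicies": [
            {"objectId": DES_PRINCIPAL_ID,
             "permissions": {"keys": ["get", "wrapKey"]}},
        ],
    },
}


def disks_without_cmk(disks):
    """Names of disks whose data is not encrypted with a customer-managed key."""
    return [
        d["name"] for d in disks
        if d.get("encryption", {}).get("type") != CMK
        or not d.get("encryption", {}).get("diskEncryptionSetId")
    ]


def missing_key_permissions(vault, principal_id):
    """Key permissions the disk encryption set identity still lacks."""
    needed = {"get", "wrapkey", "unwrapkey"}
    for policy in vault.get("properties", {}).get("accessPolicies", []):
        if policy.get("objectId") == principal_id:
            granted = {p.lower() for p in policy.get("permissions", {}).get("keys", [])}
            return sorted(needed - granted)
    return sorted(needed)  # no policy at all for this identity


def vault_findings(vault, des_principal_id):
    """Vault settings that would make CMK setup fail or leave keys recoverable."""
    props = vault.get("properties", {})
    findings = []
    if not props.get("enableSoftDelete"):
        findings.append("soft delete is not enabled")
    if not props.get("enablePurgeProtection"):
        findings.append("purge protection is not enabled")
    missing = missing_key_permissions(vault, des_principal_id)
    if missing:
        findings.append("disk encryption set identity lacks key permissions: "
                        + ", ".join(missing))
    return findings


def audit(disks, vault, des_principal_id):
    """Combine both checks into one report."""
    return {
        "disks_without_cmk": disks_without_cmk(disks),
        "vault_findings": vault_findings(vault, des_principal_id),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_DISKS, SAMPLE_VAULT, DES_PRINCIPAL_ID).items():
        print(f"{key}: {value}")
```

The same disk check can be run directly against a subscription with `az disk list --query "[?encryption.type!='EncryptionAtRestWithCustomerKey'].name" -o tsv`; the vault check matters because a disk encryption set cannot be created against a vault without purge protection, and a key that can be purged takes every disk encrypted under it with it.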

Unified hybrid management across all your environments

We are seeing customer IT environments evolve as more workloads move to the cloud and with the rise of edge computing. IT environments are becoming increasingly complex with different types of applications, hardware, multi-cloud, and edge environments, essentially creating an IT resource sprawl. Customers tell us that they are looking for a unified approach to organize, govern, and secure their IT resources wherever they are from a central place, at scale.

At Microsoft Ignite, we are announcing hybrid capabilities to enable cloud innovation anywhere with consistent management across on-premises and multi-cloud environments. Some of these highlights include:

 Preview of Azure Arc, a set of technologies that extend Azure management and enable Azure data services across on-premises, multi-cloud, and edge. Customers now have a central, unified approach to manage and govern Windows and Linux servers, Kubernetes clusters, and Azure data services wherever they are. Azure Arc also extends the adoption of cloud practices like DevOps, Azure Governance, and Azure security across on-premises, multi-cloud, and edge.
 General availability of Windows Admin Center version 1910 that delivers powerful hybrid capabilities to manage Windows Servers wherever they run. It streamlines integration of on-premises servers to Azure for disaster recovery, backup, patching, and monitoring, and now includes integration with Azure Security Center. Windows Admin Center also enables customers to use Azure Arc to take advantage of unified hybrid management from Azure.
 We are also expanding the Azure Stack portfolio to include Azure Stack Edge. Azure Stack Edge is an Azure-managed appliance that brings the compute, storage, and intelligence of Azure to any edge location. You can manage Azure Stack Edge right from the Azure Portal.

All of these new capabilities can be combined with Azure’s latest developments in application modernization, including our new serverless, container, and functions capabilities.

These are just some of the highlights we’re delivering at Microsoft Ignite this week. We look forward to seeing how our customers integrate these capabilities into their digital transformation journey.

Source: Azure