Since we announced the preview of Windows Virtual Desktop in March, thousands of customers have piloted the service, providing valuable feedback and insights for Microsoft to integrate into the…
Quelle: Azure
This is the second in a four-part blog series on designing a SAP on Azure Architecture. In the first part of our blog series we have covered the topic of designing for security. Robust SAP on Azure Architectures are built on the pillars of security, performance and scalability, availability and recoverability, and efficiency and operations. This blog will focus on designing for performance and scalability.
Microsoft support in network and storage for SAP
Microsoft Azure is the eminent public cloud for running SAP applications. Mission critical SAP applications run reliably on Azure, which is a hyperscale, enterprise proven platform offering scale, agility, and cost savings for your SAP estate.
With the largest portfolio of SAP HANA certified IaaS cloud offerings customers can run their SAP HANA Production scale-up applications on certified virtual machines ranging from 192GB to 6TB of memory. Additionally, for SAP HANA scale-out applications such as BW on HANA and BW/4HANA, Azure supports virtual machines of 2TB memory and up to 16 nodes, for a total of up to 32TB. For customers that require extreme scale today, Azure offers bare-metal HANA large instances for SAP HANA scale-up to 20TB (24TB with TDIv5) and SAP HANA scale-out to 60TB (120TB with TDIv5).
Our customers such as CONA Services are running some of the largest SAP HANA workloads of any public cloud with a 28TB SAP HANA scale out implementation.
Designing for performance
Performance is a key driver for digitizing business processes and accelerating digital transformation. Production SAP applications such as SAP ERP or S/4HANA need to be performant to maximize efficiency and ensure a positive end-user experience. As such, it is essential to perform a detailed sizing exercise on compute, storage and network for your SAP applications on Azure.
Designing compute for performance
In general, there are two ways to determine the proper size of SAP systems to be implemented in Azure, by using reference sizing or through the SAP Quick Sizer.
For existing on-premises systems, you should reference system configuration and resource utilization data. The system utilization information is collected by the SAP OS Collector and can be reported via SAP transaction OS07N as well as the EarlyWatch Alert. Similar information can be retrieved by leveraging any system performance and statistics gathering tools. For new systems, you should use SAP quick sizer.
Within the links below you can also attain the network and storage throughput per Azure Virtual Machines type:
Sizes for Windows Virtual Machines in Azure
Sizes for Linux Virtual Machines in Azure
Designing highly performant storage
In addition to selecting an appropriate database virtual machine based on the SAPS and memory requirements, it is important to ensure that the storage configuration is designed to meet the IOPS and throughput requirements of the SAP database. Be mindful, that the chosen virtual machine has the capability to drive IOPS and throughput requirements. Azure premium managed disks can be striped to aggregate IOPS and throughput values, for example 5 x P30 disks would offer 25K IOPS and 1000 MB/s throughput.
In the case of SAP HANA databases, we have published a storage configuration guideline covering production scenarios and also a cost-conscious non-production variant. Following our recommendation for production will ensure that the storage is configured to successfully pass all SAP HCMT KPIs, it is imperative to enable write accelerator on the disks associated with the /hana/log volume as this facilitates sub millisecond writes latency for 4KB and 16KB blocks sizes.
Ultra Disks is designed to deliver consistent performance and low latency for I/O-intensive workloads such as SAP HANA and any database (SQL, Oracle, etc.) With ultra disk you can reach maximum virtual machine I/O limits with a single Ultra DISKS, without having to stripe multiple disks as is required with premium disks.
At September 2019, Azure Ultra Disk Storage is generally available in East US 2, South East Asia, North Europe regions. and supported on DSv3 and ESv3 VM types. Refer to the FAQ for the latest on supported VM sizes for both Windows and Linux OS hosts. This video demonstrates the leading performance of Ultra Disk Storage.
Designing network for performance
As the Azure footprint grows, a single availability zone may span multiple physical data centers, which can result in network latency impacting your SAP application performance. A proximity placement group (PPG) is a logical grouping to ensure that Azure compute resources are physically located close to each and achieving the lowest possible network latency i.e. co-location of your SAP Application and Database VMs. For more information, refer to our detailed documentation for deploying your SAP application with PPGs.
We recommend you consider PPGs within your SAP deployment architecture and that you enable Accelerated Networking on your SAP Application and Database VMs. Accelerated Networking enables single root I/O virtualization (SR-IOV) to your virtual machine which improves networking performance, bypassing the host from the data-path. SAP application server to database server latency can be tested with ABAPMeter report /SSA/CAT.
ExpressRoute Global Reach allows you to link ExpressRoute circuits from on-premise to Azure in different regions together to make a private network between your on-premises networks. Global Reach can be used for your SAP HANA Large Instance deployment to enable direct access from on-premise to your HANA Large Instance units deployed in different regions. Additionally, GlobalReach can enable direct communication between your HANA Large Instance units deployed in different regions
Designing for scalability
With Azure Mv2 VMs, you can scale up to 208 vCPUs/6TB now and 12 TB shortly. For databases that require more than 12 TB, we offer SAP HANA Large Instances (HLI), purpose-built bare metal offering that are dedicated to you. The server hardware is embedded in larger stamps that contains HANA TDI certified compute, network and storage infrastructure, in various sizes from 36 Intel CPU cores/768 GB of memory up to a maximum size of 480 s CPU cores and 24 TB of memory.
Azure global regions at HyperScale
Azure has more global regions than any other cloud provider, offering the scale needed to bring applications closer to users around the world, preserving data residency, and offering comprehensive compliance and resiliency options for customers. As of Q3 2019, Azure spans a total of 54 regions and is available in 140 countries.
Customers like the Carlsberg Group, transformed IT into a platform for innovation through a migration to Azure centered on its essential SAP applications. The Carlsberg migration to Azure encompassed 700 servers and 350 applications—including the essential SAP applications—involving 1.6 petabytes of data, including 8 terabytes for the main SAP database.
Within this blog we have touched upon several topics relating to designing highly performant and scalable architectures for SAP on Azure.
As customers embark on their SAP to Azure journey, in order to methodically deploy highly performant, and scalable architectures, during various phases of the deployment, it is recommended to deep dive into , the SAP on Azure documentation to deepen their understanding of using Azure for hosting and running their SAP applications. The SAP workload on Azure planning and deployment checklist can be used as a compass to navigate through the various phases of a customer’s SAP Greenfield deployment or on-premises to Azure migration project.
In blog #3 in our series we will cover Designing for Availability and Recoverability.
Quelle: Azure
This month we released a new version of Azure Storage Explorer, 1.10.0. This latest version of Storage Explorer introduces several exciting new features and delivers significant updates to existing functionality. These features and changes are all designed to make users more efficient and productive when working with Azure Storage, CosmosDB, ADLS Gen2, and, starting with 1.10.0, managed disks. If you’ve never used Storage Explorer before, you can download it for Windows, macOS, or Linux on the product page here.
Storage Explorer adds support for managed disks
One of the most challenging parts of migrating on-premises virtual machines (VMs) to Azure is moving the data for these VMs into Azure. Storage Explorer 1.10.0 makes this process much easier by adding support for managed disks. The new features we’ve added for managed disks lets you create and manage VM disks using the easy to use Storage Explorer GUI. Using Storage Explorer also gives you an incredibly performant workflow. When you upload a VHD to a Managed Disk, Storage Explorer is leveraging the power and speed of AzCopy v10 to quickly get your data into Azure. Storage Explorer’s support for managed disks also includes the ability to create snapshots of, copy, download, and delete your managed disks. You can learn more about the latest disk support capabilities on our recent blog.
Storage Explorer introduces new user settings
Ever since Storage Explorer was first released, users have asked for a variety of settings that would allow them to configure how Storage Explorer behaves. As more settings have been added though, managing and discovering these settings has proved increasingly difficult. To help alleviate those problems, we are excited to introduce a centralized settings user interface (UI.) From this UI, you can configure many of Storage Explorer’s existing setting, such as proxy and application theme. We’ve also added settings which allow you to logout on exit and to toggle the refresh mode of the data explorers.
We have a long list of user requested settings in our backlog which will make their way to the settings UI in future updates. And if you have a suggestion for a setting you’d like to see, feel free to let us know by opening an issue at our GitHub repo.
Storage Explorer now available on the Snap Store
The last major change we’d like to highlight for 1.10.0 is the addition of Storage Explorer to the Canonical Snap Store. Installing Storage Explorer on Linux has always been a challenge for users, but when you install from the Snap Store things become as easy as installing on any other platform. The Snap platform will install all dependencies for you, and help you keep Storage Explorer up to date and secure. If you’d like to install Storage Explorer from the Snap Store, you can find it listed on the store.
Looking forward
Over the coming months, we have plans to add even more new features and capabilities to Storage Explorer. In the near future, we will be making AzCopy the default transfer engine for all Blob transfers, and we’ll start work on using AzCopy for File Shares. We’ve also been hard at work localizing Storage Explorer into additional languages so more people all over the world can effectively use the product. We’re going to improve on and bring additional features to ADLS Gen 2, including enhanced ACL management and increased parity with Blob features. And of course, we’ll be looking at GitHub for any user requests for new features, so if there’s something you would like to see then we highly encourage you to to open an issue.
Install Storage Explorer now
Download Storage Explorer 1.10.0 today to take advantage of all of these new features. If you have any feedback, please make sure to open a new issue on our GitHub repo. If you are experiencing difficulties using the product, please open a support ticket following these instructions.
Quelle: Azure
To get the most out of your Azure investment and run as efficiently as possible, we recommend that you regularly review and optimize your resources for high availability, security, performance, and cost. That’s why we created Azure Advisor, a free Azure service that helps you quickly and easily optimize your Azure resources with personalized recommendations based on your usage and configurations.
But with so many priorities vying for your attention, it can be easy to miss remediating your Advisor recommendations. So, what’s a good way to stay on top of these critical optimizations that can save you money, boost performance, strengthen your security posture, and increase uptime?
Get notified about new recommendations with Advisor alerts
Advisor now offers user-configurable alerts so you can get automatically notified as soon as your best practice recommendations become available. Advisor alerts will allow you to act more quickly and efficiently to optimize your Azure resources and stay on top of your new recommendations.
You can configure these alerts to be triggered based on several factors:
Recommendation category – high availability, performance, or cost.
Business impact – high, medium, or low.
Recommendation type – for example, right-size or shutdown underutilized virtual machines (VMs,) enable VM backup, or use availability sets to improve fault tolerance.
You can also choose from a wide range of notification options, including email, SMS, push notification, webhook, IT service management integration with popular tools like ServiceNow, Automation runbooks, and more. Your notification preferences are configured using action groups, so you can repurpose any action groups you’ve already set up, such as those for your custom Azure Monitor alerts or Azure Service Health alerts.
Best practices for your Advisor alerts
As you get started with Advisor alerts, we have three tips for you.
First, start simple by choosing a few high impact recommendations that are important to your organization, based on your business goals and priorities. For example, you might have a leadership mandate to reduce costs by a certain percentage, in which case you might decide that “Right-size or shutdown underutilized VMs” is a critical recommendation for you. Then create an alert for that set of recommendations. You can always change your alert or add more later.
Second, consider who is right person to notify about new recommendations and the best way to notify them. It’s best to notify the individual or team who has the permission and authority to remediate the recommendation, to streamline the process. In keeping with the “start simple” principle, you may wish to begin with email notifications, which are the most basic to configure and the least intrusive to receive. Again, you can always modify your preferences later.
Finally, once you’ve tackled the first two tips and are comfortable with Advisor alerts, start to explore automation scenarios. For example, you can automatically route a new best practice recommendation through your ticketing system and assign it to the right team for remediation. In some cases, you can even use a combination of Advisor alerts and Automation runbooks to automatically remediate the recommendation.
Get started with Advisor alerts
Visit Advisor in the Azure portal to review your recommendations and start setting up your Advisor alerts. For more in-depth guidance, visit the Advisor documentation. Let us know if you have a suggestion for Advisor by submitting an idea in our forums here.
Quelle: Azure
Earlier this week, we announced that Azure Sentinel is now generally available. This marks an important milestone in our journey to redefine Security Information and Event Management (SIEM) for the cloud era. With Azure Sentinel, enterprises worldwide can now keep pace with the exponential growth in security data, improve security outcomes without adding analyst resources, and reduce hardware and operational costs.
With the help of customers and partners, including feedback from over 12,000 trials during the preview, we have designed Azure Sentinel to bring together the power of Azure and AI to enable Security Operations Centers to achieve more. There are lots of new capabilities coming online this week. I’ll walk you through several of them here.
Collect and analyze nearly limitless volume of security data
With Azure Sentinel, we are on a mission to improve security for the whole enterprise. Many Microsoft and non-Microsoft data sources are built right in and can be enabled in a single click. New connectors for Microsoft services like Cloud App Security and Information Protection join a growing list of third-party connectors to make it easier than ever to ingest and analyze data from across your digital estate.
Workbooks offer rich visualization options for gaining insights into your data. Use or modify an existing workbook or create your own.
Apply analytics, including Machine Learning, to detect threats
You can now choose from more than 100 built-in alert rules or use the new alert wizard to create your own. Alerts can be triggered by a single event or based on a threshold, or by correlating different datasets (e.g., events that match threat indicators) or by using built-in machine learning algorithms.
We’re previewing two new Machine Learning approaches that offer customers the benefits of AI without the complexity. First, we apply proven off-the-shelf Machine Learning models for identifying suspicious logins across Microsoft identity services to discover malicious SSH accesses. By using transferred learning from existing Machine Learning models, Azure Sentinel can detect anomalies from a single dataset with accuracy. In addition, we use a Machine Learning technique called fusion to connect data from multiple sources, like Azure AD anomalous logins and suspicious Office 365 activities, to detect 35 different threats that span different points on the kill chain.
Expedite threat hunting, incident investigation, and response
Proactive threat hunting is a critical yet time-consuming task for Security Operations Centers. Azure Sentinel makes hunting easier with a rich hunting interface that features a growing collection of hunting queries, exploratory queries, and python libraries for use in Jupyter Notebooks. Use these to identify events of interest and bookmark them for later reference.
Incidents (formerly cases) contain one or more alerts that require further investigation. Incidents now support tagging, comments, and assignments. A new rules wizard allows you to decide which Microsoft alerts trigger the creation of incidents.
Using the new investigation graph preview, you can visualize and traverse the connections between entities like users, assets, applications, or URLs and related activities like logins, data transfers, or application usage to rapidly understand the scope and impact of an incident.
New actions and playbooks simplify the process of incident automation and remediation using Azure Logic Apps. Send an email to validate a user action, enrich an incident with geolocation data, block a suspicious user, and isolate a Windows machine.
Build on the expertise of Microsoft and community members
The Azure Sentinel GitHub repository has grown to over 400 detection, exploratory, and hunting queries, plus Azure Notebooks samples and related Python libraries, playbooks samples, and parsers. The bulk of these were developed by our MSTIC security researchers based on their vast global security experience and threat intelligence.
Support managed Security Services Providers and complex customer instances
Azure Sentinel now works with Azure Lighthouse, empowering customers and managed security services providers (MSSPs) to view Azure Sentinel for multiple tenants without the need to navigate between tenants. We have worked closely with our partners to jointly develop a solution that addresses their requirements for a modern SIEM.
DXC Technology, one of the largest global MSSPs is a great example of this design partnership:
“Through our strategic partnership with Microsoft, and as a member of the Microsoft Security Partner Advisory Council, DXC will integrate and deploy Azure Sentinel into the cyber defense solutions and intelligent security operations we deliver to our clients.” said Mark Hughes, senior vice president and general manager, Security, DXC. “Our integrated solution leverages the cloud native capabilities and assets of Azure Sentinel to orchestrate and automate large volumes of security incidents, enabling our security experts to focus on the forensic investigation of high priority incidents and threats.”
Get started
It really is easy to get started. We have a lot of information available to help you, from great documentation to connecting with us via Yammer and e-mail.
Start a trial and kick the tires
Watch the overview video
Review the technical documentation
Please join us for a webinar on Thursday, September 26 at 10:00 AM Pacific Time to learn more about these innovations and see real-life examples of how Azure Sentinel helped detect previously undiscovered threats.
What’s next
Azure Sentinel is our SOC platform for the future, and we will continue to evolve it to better meet the security needs of the complex world we live in. Let’s stay in touch:
Keep up to date by following the TechCommunity blog
Join our TechCommunity
Send us an e-mail with feedback and suggestions
Become an Azure Sentinel Threat Hunter
Quelle: Azure
This blog post is co-authored by George Zinn, Corporate VP, Microsoft Treasurer.
This week at Sibos, the world’s largest financial services event, Microsoft and SWIFT are showcasing the evolution of the cloud-native proof of concept (POC) announced at last year’s event. Building off the relationship between Microsoft Azure, SWIFT, and the work with Microsoft treasury, the companies are entering a long-term strategic partnership to bring to market SWIFT Cloud Connect on Azure. Together we have built out an end-to-end architecture that utilizes various Azure services to ensure SWIFT Cloud Connect achieves the resilience, security, and compliance demands for material workloads in the financial services industry. Microsoft is the first cloud provider working with SWIFT to build public cloud connectivity and will soon make this solution available to the industry.
SWIFT is the world’s leading provider of secure financial messaging services used and trusted by more than 11,000 financial institutions in more than 200 countries and territories. Today, enterprises and banks conduct these transactions by sending payment messages over the highly secure SWIFT network, leveraging on-premises installations of SWIFT technology. SWIFT Cloud Connect creates a bank-like wire transfer experience with the added operational, security, and intelligence benefits the Microsoft cloud offers.
To demonstrate the potential of the production-ready service, Microsoft Treasury has successfully run test payment transactions through the SWIFT production network to their counterparty Bank of New York-Mellon (BNY Mellon) for payment confirmations through SWIFT on Azure. BNY Mellon is a global investments company dedicated to helping its clients manage and service their financial assets throughout the investment lifecycle. The company’s Treasury Services group, which delivers high-quality performance in global payments, trade services and cash management, provides payments services for Microsoft Treasury.
“At BNY Mellon, we focus on delivering world class solutions that exceed our clients’ expectations,” said Bank of New York Mellon Treasury Services CEO Paul Camp. “Together with SWIFT, we continuously work to enhance the payments experience for clients around the world. We’re excited to join now with our Microsoft Treasury client and with SWIFT to help make Cloud Connect real, leveraging Microsoft’s cloud expertise to expand the frontiers of financial technology. Building on the positive experience with Cloud Connect, we look forward to exploring additional opportunities with Microsoft Treasury to advance their digital payments strategy.”
In response to the rapidly increasing cyber threat landscape, SWIFT introduced the customer security program (CSP). This introduces a set of mandatory security controls for which many financial institutions have a significant challenge to implement in their on-premise environment. To simplify and support control implementation and enable continuous monitoring and audit, Microsoft has developed a blueprint for the CSP framework. Azure Blueprint is a free service that enables customers to define a repeatable set of Azure resources and policies that implement and adhere to standards, patterns and control requirements. Azure Blueprints allow customers to set up governed Azure environments at scale to aid secure and compliant production implementations. The SWIFT CSP Blueprint is now available in preview.
Microsoft treasury has performed their testing with SWIFT by leveraging the Azure Logic Apps service to process payment transactions. Such an implementation used to take months but instead was completed in just a few weeks. Treasury integrated their backend SAP systems via Logic Apps to SWIFT to process payment transactions and business acknowledgments. As part of this processing, the transactions are validated and checked for duplicates or anomalies using the rich capabilities of Logic Apps.
Logic Apps is Microsoft Azure’s integration platform as a service (iPaaS) and now provides native understanding of SWIFT messaging, enabling customers to accelerate the modernization of their payments infrastructure by leveraging the cloud. With hybrid VNet-connected integration capabilities to on-premises applications as well as a wide array of Azure services, Logic Apps provides more than 300 connectors for intelligent automation, integration, data movement, and more to harness the power of Azure.
Microsoft treasury is able to quickly leverage the power of Azure to enable a seamless transfer of payment transactions. With Azure Monitor and Log Analytics they are also able to monitor, manage, and correlate their payment transactions for full end-to-end process visibility.
We are thrilled to extend our partnership with SWIFT as we believe this will become an integral offering for the industry. We thank BNY Mellon for their part in confirming the potential of SWIFT Cloud Connect. To see it in action, stop by the Microsoft booth in the North Event Hall, Z131.
Quelle: Azure
The release of Storage Explorer 1.10.0 brings many exciting updates and new features that we hope can help you be more productive and efficient when working with your Azure Storage Accounts. If you’ve never used Storage Explorer before, make sure to head to our product page, and download it for your favorite operating system. In this post, we’ll go over the newly added support for virtual machine (VM) disk management that was added in the 1.10.0 release.
Easily backup and restore VMs with disk support
Managed disks have been simplifying Azure VM creation and maintenance over page blobs, blob containers and storage accounts. Today, Azure managed disks are the default storage option for Azure IaaS VMs. Recently, we introduced the Direct Upload API that allows you to upload data from on-premises without staging the data in a storage account. Azure Storage Explorer further simplifies those tasks by providing performant upload and download capabilities for creating and accessing managed disks. Here are two example scenarios for how the new features benefit customers like you:
We learned it is common to migrate VMs from on-premises to Azure. With Storage Explorer you can conveniently perform this task using the following steps in the documentation.
Figure 1: Upload a VHD using Storage Explorer
Backup and restore operations are also very common practices in customers’ disaster recovery strategy. A typical scenario is rolling back VMs to last known good version by restoring disks from snapshots after a regional outage or an application upgrade failure.
The workflow is now simplified with managed disks support in Storage Explorer. In the 1.10.0 release you can snapshot a disk just like any other blob to back up the current version. In upcoming releases, we will fully support creating disks from snapshots to complete the end-to-end scenario.
Figure 1: Capturing snapshot of VHDs from an Azure VM
Next steps
Download Storage Explorer 1.10.0 today and start efficiently managing your VMs and disks. If you have any feedback, please make sure to open a new issue on our GitHub repo. If you are experiencing difficulties using the product, please open a support ticket following these instructions.
Quelle: Azure
A few months back, at SAP’s SAPPHIRE NOW event, we announced the availability of Azure Mv2 Virtual Machines (VMs) with up to 6 TB of memory for SAP HANA. We also reiterated our commitment to making Microsoft Azure the best cloud for SAP HANA. I’m glad to share that Azure Mv2 VMs with 12 TB of memory will become generally available and production certified in the coming weeks, in US West 2, US East, US East 2, Europe North, Europe West and Southeast Asia regions. In addition, over the last few months, we have expanded regional availability for M-series VMs, offering up to 4 TB, in Brazil, France, Germany, South Africa and Switzerland. Today, SAP HANA certified VMs are available in 34 Azure regions, enabling customers to seamlessly address global growth, run SAP applications closer to their customers and meet local regulatory needs.
Learn how you can leverage Azure Mv2 VMs for SAP HANA by watching this video.
Running mission critical SAP applications requires continuous monitoring to ensure system performance and availability. Today, we are launching private preview of Azure Monitor for SAP Solutions, an Azure Marketplace offering that monitors SAP HANA infrastructure through the Azure Portal. Customers can combine monitoring data from the Azure Monitor for SAP Solutions with existing Azure Monitor data and create a unified dashboard for all their Azure infrastructure telemetry. You can sign up by contacting your Microsoft account team.
We continue to co-innovate with SAP to help accelerate our customers’ digital transformation journey. At SAPPHIRE NOW, we announced several such co-innovations with SAP. First, we announced general availability of SAP Data Custodian, a governance, risk and compliance offering from SAP, which leverages Azure’s deep investments in security and compliance features such as Customer Lockbox.
Second, we announced general availability of Azure IoT integration with SAP Leonardo IoT, offering customers the ability to contextualize and enrich their IoT data with SAP business data to drive new business outcomes. Third, we shared that SAP’s Data Intelligence solution leverages Azure Cognitive Services Containers to offer intelligence services such as face, speech, and text recognition. Lastly, we announced a joint collaboration of the integration of Azure Active Directory with SAP Cloud Platform Identity Authentication Service (SAP IAS) for a seamless single sign on and user provisioning experience across SAP and non-SAP applications. Azure AD Integration with SAP IAS for seamless SSO is generally available and the user provisioning integration is now in public preview. Azure AD integration with SAP SuccessFactors for simplified user provisioning will become available soon.
Another place I am excited to deepen our partnership is in blockchain. SAP has long been an industry leader in solutions for supply chain, logistics, and life sciences. These industries are digitally transforming with the help of blockchain, which adds trust and transparency to these applications, and enables large consortiums to transact in a trusted manner. Today, I am excited to announce that SAP’s blockchain-integrated application portfolio will be able to connect to Azure blockchain service. This will enable our joint customers to bring the trust and transparency of blockchain to important business processes like material traceability, fraud prevention, and collaboration in life sciences.
Together with SAP, we are offering a trusted path to digital transformation with our best in class SAP certified infrastructure, business process and application innovation services, and a seamless set of offerings. As a result, we help migrate to Azure SAP customers across the globe such as Carlsberg and CONA Services, who have large scale mission critical SAP applications. Here are a few additional customers benefiting from migrating their SAP applications to Azure:
Al Jomaih and Shell Lubricating Oil Company: JOSLOC, the joint venture between Al Jomaih Holding and Shell Lubricating Oil Company, migrated their mission critical SAP ERP to Azure, offering them enhanced business continuity and reduced IT complexity and effort, while saving costs. Migrating SAP to Azure has enabled the joint venture to prepare for their upgrade to SAP S/4HANA in 2020.
TraXall France: TraXall France provides vehicle fleet management services for upwards of 40,000 managed vehicles. TraXall chose Microsoft Azure to run their SAP S/4HANA due to the simplified infrastructure management and business agility, and to meet compliance requirements such as GDPR.
Zuellig Pharma: Amid a five-year modernization initiative, Singapore-based Zuellig Pharma wanted to migrate their SAP solution from IBM DB2 to SAP HANA. Zuellig Pharma now runs its SAP ERP on HANA with 1 million daily transactions and 12 TB of production workloads at a 40 percent savings compared to their previous hosting provider.
If you’re attending SAP TechEd in Las Vegas, stop by at the Microsoft booth #601 or attend one of the Microsoft Azure sessions to learn more about these announcements and to see these product offerings in action.
Tuesday September 24, 1:00pm–1:30pm: Bringing SAP Cloud Platform and Microsoft Azure Closer Together
Thursday September 26, 11:45am–12:45am: Innovation, IT Agility, and Developer Productivity on Azure
To learn more about how migrating SAP to Azure can help you accelerate your digital transformation, visit our website at https://azure.com/sap.
Quelle: Azure
This morning at the SIBOS conference in London we announced how our new Azure Blueprint is being introduced by Microsoft in conjunction with the recent efforts to enable SWIFT connectivity in the cloud. It supports our joint customers in compliance monitoring and auditing of SWIFT infrastructure for cloud native payments, as described on the Official Microsoft Blog.
SWIFT is the world’s leading provider of secure financial messaging services used and trusted by more than 11,000 financial institutions in more than 200 countries and territories. Today, enterprises and banks conduct these transactions by sending payment messages over the highly secure SWIFT network which leverages on-premises installations of SWIFT technology. SWIFT Cloud Connect creates a bank-like wire transfer experience with the added operational, security, and intelligence benefits the Microsoft Cloud offers.
Azure Blueprints is a free service that enables customers to define a repeatable set of Azure resources that implement and adhere to standards, patterns, and requirements. Azure Blueprints allow customers to set up governed Azure environments that can scale to support production implementations for large-scale migrations. Azure Blueprints include mappings for key compliance standards such as ISO 27001, NIST SP 800-53, PCI-DSS, UK Official, IRS 1075, and UK NHS.
The new SWIFT blueprint maps Azure built-in polices to CSP's security controls framework, enabling financial service organizations to have agility in creating and monitoring secure and compliant SWIFT infrastructure environments.
The Azure blueprint includes mappings to:
Account management. Helps with the review of accounts of that may not comply with an organization’s account management requirements.
Separation of duties. Helps in maintaining an appropriate number of Azure subscription owners.
Least privilege. Audits accounts that should be prioritized for review.
Remote access. Helps with monitoring and control of remote access.
Audit review, analysis, and reporting. Helps ensure that events are logged and enforces deployment of the Log Analytics agent on Azure virtual machines.
Least functionality. Helps monitor virtual machines where an application white list is recommended but has not yet been configured.
Identification and authentication. Helps restrict and control privileged access.
Vulnerability scanning. Helps with the management of information system vulnerabilities.
Denial of service protection. Audits if the Azure DDoS Protection standard tier is enabled.
Boundary protection. Helps with the management and control of the system boundary.
Transmission confidentiality and integrity. Helps protect the confidentiality and integrity of transmitted information.
Flaw remediation. Helps with the management of information system flaws.
Malicious code protection. Helps the management of endpoint protection, including malicious code protection.
Information system monitoring. Helps with monitoring a system by auditing and enforcing logging across Azure resources
We are committed to helping our customers leverage Azure in a secure and compliant manner. Over the next few months, we will release new built-in blueprints for HITRUST, FedRAMP, and Center for Internet Security (CIS) Benchmark. If you have suggestions for new or existing compliance blueprints, please share them via the Azure Governance Feedback Forum.
Learn more about the SWIFT CSP blueprint in our documentation.
Quelle: Azure
The preview of incremental snapshots of Azure managed disks is now available. Incremental snapshots are a cost-effective point-in-time backup of managed disks. Unlike current snapshots, which are billed for the full size, incremental snapshots are billed for the delta changes to disks since the last snapshot. They are always stored on the most cost-effective storage i.e., standard HDD irrespective of the storage type of the parent disks. Additionally, for increased reliability, they are stored on Zone redundant storage (ZRS) by default in regions that support ZRS. They cannot be stored on premium storage. If you are using current snapshots on premium storage to scale up virtual machine deployments, we recommend you to use custom images on standard storage in Shared Image Gallery. It will help you to achieve a more massive scale with lower cost.
Incremental snapshots provide a differential capability, a unique capability available only in Azure managed disks. It enables customers and independent solution vendors (ISV) to build backup and disaster recovery solutions for managed disks. It allows you to get the changes between two snapshots of the same disk, thus copying only changed data between two snapshots across regions, reducing time and cost for backup and disaster recovery. For example, you can download the first incremental snapshot as a base blob in another region. For the subsequent incremental snapshots, you can copy only the changes since the last snapshot to the base blob. After copying the changes, you can take snapshots on the base blob that represent your point in time backup of the disk in another region. You can restore your disk either from the base blob or from a snapshot on the base blob in another region.
Incremental snapshots inherit all the compelling capabilities of current snapshots. They have a lifetime independent of their parent managed disks, making them available even when the parent managed disk is deleted. Moreover, they are accessible instantaneously meaning you can read the underlying VHD of incremental snapshots or restore disks from them as soon as they are created.
You can create incremental snapshots by setting the new incremental property to true.
az snapshot create
-g yourResourceGroupName
-n yourSnapshotName
-l westcentralus
–source subscriptions/yourSubscriptionId/resourceGroups/yourResourceGroupName/providers/Microsoft.Compute/disks/yourDiskName
–incremental
You can identify incremental snapshots of the same disk by using the SourceResourceId and SourceUniqueId properties of snapshots. SourceResourceId is the Azure Resource Manager (ARM) resource Id of the parent disk. SourceUniqueId is the value inherited from the UniqueId property of the disk. If you delete a disk and then create a disk with the same name, the value of the UniqueId property will change.
az snapshot show
-g yourResourceGroupName
-n yourSnapshotName
–query [creationData.sourceResourceId] -o tsv
az snapshot show
-g yourResourceGroupName
-n yourSnapshotName
–query [creationData.sourceUniqueId] -o tsv
Availability and pricing
You can now create incremental snapshots and generate SAS URI for reading the underlying data in West Central US region via Azure Compute Rest API version 2019-03-01. You can also use the latest Azure PowerShell SDK, .Net SDK and CLI to perform these operations. The differential capability is supported via the pre-released versions of .NET, Python, and CPP Storage SDKs only. Please email AzureDisks@microsoft.com to get access to these SDKs. We are going to add support for other SDKs and other regions soon.
The per GB pricing of incremental snapshots is the same as the current full snapshots. You can visit the managed disk pricing for more details about the snapshot pricing.
Getting started
Please email AzureDisks@microsoft.com to get access to the preview.
Create an incremental snapshot using CLI.
Create an incremental snapshot using PowerShell.
Quelle: Azure
