Monthly updates from Azure (June 2021)

This post collects the previous month's Azure updates in one place; this edition covers June. It is not an exhaustive list of all the monthly updates. I want to call out the updates most specific to infrastructure technologies (compute, storage, networking, identity, monitoring & security, etc.) and have grouped them into high-level sections.

Azure Compute

Azure Image Builder Service now generally available

An organization's need for standardized images in Azure can be met with the Azure Image Builder service. Images typically include predefined security and configuration settings and the necessary software. Setting up your own imaging pipeline requires time, infrastructure, and setup; with Azure VM Image Builder, you provide a configuration describing your image, submit it to the service, and the image is built and distributed.

Image Builder currently only natively supports creating Hyper-V generation 1 (Gen1) images to the Azure Shared Image Gallery (SIG) or as a Managed Image. Azure VM Image Builder (Azure Image Builder) lets you start with a Windows or Linux-based Azure Marketplace image or an existing custom image and add your own customizations.

The service is built on HashiCorp Packer.

Azure Storage

Azure Blob storage—NFS 3.0 protocol support generally available

NFS protocol support on Azure Blob storage accounts is now generally available. Inventory feature provides an overview of your blob data within a storage

This support provides Linux file system compatibility at object storage scale and prices and enables Linux clients to mount a container in Blob storage from an Azure Virtual Machine (VM) or a computer on-premises.

NFS 3.0 protocol support requires blobs to be organized into a hierarchical namespace. You can enable a hierarchical namespace when you create a storage account. It organizes objects (files) into a hierarchy of directories and subdirectories in the same way that the file system on your computer is organized. The hierarchical namespace scales linearly and doesn’t degrade data capacity or performance.

Azure Networking & Security

Azure VPN NAT

Azure VPN Gateway NAT supports connecting on-premises networks or branch offices to an Azure virtual network with overlapping IP addresses. To connect two or more networks with overlapping IP addresses, NAT is deployed on the gateway devices connecting the networks. The service is currently in public preview.

The current limitations are:

  • Azure VPN gateway NAT supports static, 1:1 NAT rules only. Dynamic NAT rules are not supported.
  • NAT is supported on the following SKUs: VpnGw2~5, VpnGw2AZ~5AZ.
  • NAT is supported on IPsec cross-premises connections only. VNet-to-VNet connections or P2S connections are not supported.
  • Create up to 100 NAT Rules on a VPN gateway.
  • NAT works on both active-active and active-standby VPN gateways.
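
The limits above can be checked before a rule set is deployed. The following is an added example, not code from Azure or from this post: `check_plan`, `translate`, the connection labels and the sample address ranges are all made up for illustration, and the equal-prefix check is what "1:1" implies rather than a limit quoted above.

```python
import ipaddress

# Limits as listed above for the public preview.
MAX_NAT_RULES = 100
SUPPORTED_SKUS = {f"VpnGw{n}{az}" for n in range(2, 6) for az in ("", "AZ")}
# Hypothetical labels for this example, not Azure API values.
SUPPORTED_CONNECTIONS = {"ipsec-cross-premises"}


def check_plan(sku, connection, rules):
    """Return a list of problems for (internal_cidr, external_cidr) rules."""
    problems = []
    if sku not in SUPPORTED_SKUS:
        problems.append(f"SKU {sku} is not in the supported list")
    if connection not in SUPPORTED_CONNECTIONS:
        problems.append(f"NAT is not supported on {connection} connections")
    if len(rules) > MAX_NAT_RULES:
        problems.append(f"{len(rules)} rules exceed the limit of {MAX_NAT_RULES}")
    translated = []
    for internal, external in rules:
        int_net = ipaddress.ip_network(internal)
        ext_net = ipaddress.ip_network(external)
        # 1:1 means one translated address per original address,
        # so both prefixes must be the same size.
        if int_net.prefixlen != ext_net.prefixlen:
            problems.append(f"{internal} -> {external}: prefix sizes differ")
        # Translated ranges that collide would reintroduce the overlap.
        if any(ext_net.overlaps(seen) for seen in translated):
            problems.append(f"{external} overlaps another translated range")
        translated.append(ext_net)
    return problems


def translate(address, internal, external):
    """Apply one static 1:1 rule: keep the host offset, swap the prefix."""
    int_net = ipaddress.ip_network(internal)
    ext_net = ipaddress.ip_network(external)
    addr = ipaddress.ip_address(address)
    if int_net.prefixlen != ext_net.prefixlen or addr not in int_net:
        raise ValueError("rule does not cover this address 1:1")
    return str(ext_net.network_address + (int(addr) - int(int_net.network_address)))


# Constructed sample: two branch offices that both use 10.0.1.0/24.
BRANCH_RULES = [("10.0.1.0/24", "192.168.100.0/24"),
                ("10.0.1.0/24", "192.168.101.0/24")]
```

With these rules, host 10.0.1.37 in the first branch appears as 192.168.100.37 and the same address in the second branch appears as 192.168.101.37, so the two sites no longer collide.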

Azure Security Center updates in May

The Azure Security Center updates in June include:

  • New alert for Azure Defender for Key Vault
  • Recommendations to encrypt with customer-managed keys (CMKs) disabled by default
  • Prefix for Kubernetes alerts changed from “AKS_” to “K8S_”
  • Deprecated two recommendations from “Apply system updates” security control.

Other Azure Services

Azure Backup – Cross-region Restore of SQL/SAP HANA running in Azure VM

Azure Backup cross-region restore (CRR) is now generally available for SQL Server and SAP HANA databases running in Azure VMs. CRR was already generally available for Azure VMs. When using Azure Backup, you can now use your geo-replicated backup data to restore SQL and SAP HANA databases running in Azure VMs to the Azure paired region. This allows you to use data that is already available in a secondary region for additional protection from disaster. Once you’ve enabled CRR in your backup vaults, you can perform self-service recovery in the Azure paired region during planned or unplanned incidents.

Enabling Cross Region Restore allows you to:

  • conduct drills when there’s an audit or compliance requirement
  • restore the data if there’s a disaster in the primary region
  • When restoring a VM, you can restore the VM or its disk. If you’re restoring from SQL/SAP HANA databases hosted on Azure VMs, then you can restore databases or their files.

Azure Migrate private endpoint support available in public preview

Azure Migrate Private Link support allows you to connect privately and securely to the Azure Migrate service over an ExpressRoute private peering or a site-to-site VPN connection.

You can now use the Azure Migrate: Discovery and Assessment and Azure Migrate: Server Migration tools to securely discover, assess, and migrate servers over a private network using Azure Private Link. With the Azure Migrate Private Link support, you can:

Execute faster: Leverage existing ExpressRoute private peering circuits for greater migration velocity.

Be compliant: Adhere to organizational policies and requirements to not traverse public endpoints. 

Be secure: Achieve additional network-level protection and guard against data exfiltration risks.

Thanks for your time. I hope this gave you a quick overview of last month's updates.