Monthly updates from Azure (March 2021)

I am here to provide a single post covering the previous month's Azure updates. In this blog, we will cover the March updates from Azure. This post is not an exhaustive list of all the monthly updates. I want to call out the most specific updates from Infrastructure technologies (compute, storage, networking, identity, monitoring & security, etc.) and have categorised the updates into high-level sections.

Azure Compute

Automatic VM guest patching is now in public preview for Linux VMs

If automatic VM guest patching is enabled on a VM, then the available Critical and Security patches are downloaded and applied automatically on the VM. This process kicks off automatically every month when new patches are released. Patch assessment and installation are automatic, and the process includes rebooting the VM as required. Automatic VM guest patching has the following characteristics:

  • Patches classified as Critical or Security are automatically downloaded and applied on the VM.
  • Patches are applied during off-peak hours in the VM’s time zone.
  • Patch orchestration is managed by Azure and patches are applied following availability-first principles.
  • Virtual machine health, as determined through platform health signals, is monitored to detect patching failures.
  • Works for all VM sizes.

Azure Database

Zone redundant configuration for Azure SQL Database serverless compute tier

This feature is in public preview. New and existing Azure SQL Databases and elastic pools that use the general-purpose tier can enable the zone redundant configuration. This configuration is offered for both serverless and provisioned compute. The zone redundant configuration utilizes Azure Availability Zones to replicate databases across multiple physical locations within an Azure region. By selecting zone redundancy, you can make your serverless and provisioned general purpose single databases and elastic pools resilient to a much larger set of failures, including catastrophic datacentre outages, without any changes to the application logic.

Once the zone redundant option is enabled, Azure SQL Database will automatically reconfigure the database or pool. You can configure this setting by using the Portal, CLI, PowerShell, or the ARM API.

Azure Storage

Backup for Azure Managed Disk is now generally available

With this feature we can easily manage disk snapshots with zero infrastructure cost and without the need for custom scripting or any management overhead. This is a crash-consistent backup solution that takes point-in-time backups of a managed disk using incremental snapshots, with support for multiple backups per day. Moreover, it is an agent-less solution and does not impact production application performance. It supports backup and restore of both OS and Data disks (including Shared disks), regardless of whether or not they are currently attached to a running Azure Virtual machine.

Key Benefits of Azure Disk Backup:

  • More frequent & quick backups without interrupting the virtual machine.
  • Does not affect the performance of the production application.
  • No security concerns as it does not require running custom scripts or installing agents.
  • Cost-effective solution to back up specific disks.

Encryption scopes in Azure Storage now generally available

Encryption scopes enable you to manage encryption with a key that is scoped to a container or an individual blob. You can use encryption scopes to create secure boundaries between data that resides in the same storage account but belongs to different customers.

Encryption scopes introduce the option to provision multiple encryption keys in a storage account for blobs. Previously, customers using a single storage account for multi-tenancy scenarios were limited to using a single account-scoped encryption key for all the data in the account. With encryption scopes, you now can provision multiple encryption keys and choose to apply the encryption scope either at the container level (as the default scope for blobs in that container) or at the blob level.
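A check for the multi-tenant boundary described above, as an added example that is not part of the original post. It audits a constructed container inventory using the ARM container properties `defaultEncryptionScope` and `denyEncryptionScopeOverride`; the `tenant` field, the finding labels and all names are assumptions.

```python
# Constructed inventory for one storage account shared by several customers.
# "tenant" is an assumed ownership tag, not an Azure property.
CONTAINERS = [
    {"name": "contoso-data", "tenant": "contoso",
     "defaultEncryptionScope": "scope-contoso", "denyEncryptionScopeOverride": True},
    {"name": "fabrikam-data", "tenant": "fabrikam",
     "defaultEncryptionScope": "scope-contoso", "denyEncryptionScopeOverride": True},
    {"name": "fabrikam-logs", "tenant": "fabrikam",
     "defaultEncryptionScope": "scope-fabrikam", "denyEncryptionScopeOverride": False},
    {"name": "adatum-tmp", "tenant": "adatum"},  # no default scope set
]


def audit_scopes(containers):
    """Return (container, finding) pairs where the per-customer key boundary is weak."""
    findings = []
    tenants_by_scope = {}
    for c in containers:
        scope = c.get("defaultEncryptionScope")
        if not scope:
            # Blobs written without a scope use the account-scoped key.
            findings.append((c["name"], "no-default-scope"))
            continue
        if not c.get("denyEncryptionScopeOverride", False):
            # Individual blobs may be written under a different scope.
            findings.append((c["name"], "override-allowed"))
        tenants_by_scope.setdefault(scope, set()).add(c["tenant"])
    for c in containers:
        scope = c.get("defaultEncryptionScope")
        if scope and len(tenants_by_scope[scope]) > 1:
            # One key protects data that belongs to more than one customer.
            findings.append((c["name"], "scope-shared-across-tenants"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_scopes(CONTAINERS):
        print(f"{name}: {finding}")
```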

Azure Storage — Routing Preferences

Routing Preference for Azure Storage provides you the flexibility to choose how network traffic is routed between clients outside Azure and your storage accounts by optimizing for exceptional network reliability and performance or by optimizing for lower costs. You now have the choice to direct network traffic to the public endpoint of your storage account using the ‘Microsoft Global Network’ or over the ‘Public Internet’. The Microsoft global network delivers exceptional network reliability with premium performance, while using your ISP network may help achieve cost efficiency.

By default and to date, network traffic between clients outside Azure and the storage account always uses the Microsoft global network. You can change the routing preference configuration for the default public endpoint to the ISP network for storage accounts in major Azure regions where the feature is available. In addition, you now have the ability to publish additional route-specific endpoints for your storage accounts. These route-specific endpoints will always route traffic between clients outside Azure and the storage account over the appropriate path.

Azure Networking & Security

ExpressRoute monitoring in Azure Monitor network insights

Azure ExpressRoute customers can now access their metrics and configuration details in one easy-to-use solution. Through network insights, you can now view topological maps and health dashboards containing important ExpressRoute information without needing to complete any additional setup. New capabilities available for ExpressRoute in network insights include:

  • View all components of your ExpressRoute circuit (peerings, connections, and gateways) in one topology.
  • View provisioning and health status of all connected components.
  • View important circuit metrics across the categories of Availability, Throughput, Packet Drops.
  • View metrics about your ExpressRoute Gateway connected to your circuit.

IPv6 support for ExpressRoute Private Peering

IPv6 support for ExpressRoute Private Peering is now available for public preview with ExpressRoute circuits globally and Azure environments in regions with Availability zones. IPv6 support will unlock hybrid connectivity for you as you look to expand into mobile and IoT markets with Azure, or to address IPv4 exhaustion in your on-premises networks.

Service Tags for User Defined Routing

This feature allows you to specify a Service Tag as the address prefix for a user-defined route instead of an explicit IP range. A Service Tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to user-defined routes and reducing the number of routes you need to create. You can currently create 25 or fewer routes with Service Tags in each route table.

The feature is available through REST, PowerShell, CLI, and can also be used in ARM templates. This feature is not currently available through the Azure Portal.

Service Tags for user-defined routes is currently in preview. This preview version is provided without a service level agreement, and it’s not recommended for production workloads.
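A pre-deployment check for the Service Tag routes described above, as an added example that is not part of the original post. It scans a constructed ARM template fragment for `Microsoft.Network/routeTables` resources, lists routes whose `addressPrefix` is a Service Tag rather than a CIDR range together with their next hop, and flags tables over the 25-route limit; resource and route names are made up.

```python
import ipaddress

MAX_SERVICE_TAG_ROUTES = 25  # per-route-table limit stated in the post

# Constructed ARM template fragment; names and addresses are illustrative.
SAMPLE_TEMPLATE = {
    "resources": [{
        "type": "Microsoft.Network/routeTables",
        "name": "rt-spoke-example",
        "properties": {"routes": [
            {"name": "to-storage", "properties": {
                "addressPrefix": "Storage", "nextHopType": "Internet"}},
            {"name": "default-via-nva", "properties": {
                "addressPrefix": "0.0.0.0/0",
                "nextHopType": "VirtualAppliance",
                "nextHopIpAddress": "10.0.0.4"}},
        ]},
    }]
}


def is_cidr(prefix):
    """True when the prefix parses as an IPv4 or IPv6 network."""
    try:
        ipaddress.ip_network(prefix, strict=False)
        return True
    except ValueError:
        return False


def audit_route_tables(template, max_tag_routes=MAX_SERVICE_TAG_ROUTES):
    """Map each route table to its Service Tag routes and a limit flag."""
    report = {}
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.network/routetables":
            continue
        tag_routes = []
        for route in res.get("properties", {}).get("routes", []):
            props = route.get("properties", {})
            prefix = props.get("addressPrefix", "")
            if prefix and not is_cidr(prefix):
                # Record the next hop so reviewers can see where tagged
                # traffic goes relative to the table's CIDR routes.
                tag_routes.append((prefix, props.get("nextHopType")))
        report[res.get("name")] = {
            "service_tag_routes": tag_routes,
            "over_limit": len(tag_routes) > max_tag_routes,
        }
    return report
```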

Azure Route Server

Azure Route Server simplifies dynamic routing between your network virtual appliance (NVA) and your virtual network. When you establish a Border Gateway Protocol (BGP) peering between your NVA and Azure Route Server, you can advertise IP addresses from your NVA to your virtual network. Your NVA will also learn what IP addresses your virtual network has. Azure Route Server is a fully managed service and is configured with high availability. Several key Azure Route Server benefits include:

  • Simplify network appliance operations
  • Deploy it in your existing setup
  • Support any network appliance

Other Azure Services

Networking for Key Vault references on Windows in App Service and Azure Functions

This feature provides options to work with secrets from Azure Key Vault in App Service or Azure Functions applications without requiring any code changes. Azure Key Vault is a service that provides centralized secrets management, with full control over access policies and audit history.

Key Vault references allow the app to use a managed identity to resolve secrets from Azure Key Vault and expose them as environment variables. This allows teams to easily move secrets into management without code changes. Support for Linux apps is coming soon.

Azure Backup Center

Azure Backup provides data protection capabilities for business-critical workloads in a simple, secure, and cost-effective manner. Backup Center, now generally available as a management plane for Azure Backup, enables centralized backup management for Azure VMs, SQL in Azure VMs, HANA in Azure VMs, and Azure Files. Additionally, Backup support for Azure Disks, Azure Blobs, and Azure Database for PostgreSQL servers is in public preview.

Backup Center provides you a single entry point to monitor, operate, govern, and optimize data protection at scale. Customers can get an aggregated view of their inventory across subscriptions, locations, resource groups, vaults, and even tenants using Azure Lighthouse.

Thanks for your time, and I hope this gave you a quick overview of the updates from March.