Announcing Virtual Network Integration for Azure Storage and Azure SQL


Contacts

Rick Weyenberg email: twitter: @codeboarder
Mark Garner email: twitter: @mgarner
website:
twitter: @azureflashfri
iTunes: aka.ms/aff-iTunes

Upcoming Events

Minnesota Azure Users Group
Thursday October 5th, 2017
@MSFT Office
Understanding Blockchain: Real Relevant Robust
For more information:

Chicago Azure Users Group

Discover Options with Open Source Tech on Azure IaaS and PaaS
Wed Nov 15th, 2017
Cloud 9 Infosystems, Inc, Oakbrook.

Announcing Virtual Network integration for Azure Storage and Azure SQL

For many of our customers moving their business-critical data to the cloud, data breaches remain a top concern. Various Azure services that store or process the business data have Internet-reachable IP addresses. Leaked credentials or malicious insiders with administrative privileges gaining access to the data, from anywhere in the world, is an increasing concern to our customers.

To protect against these threats, private connectivity to Azure services is becoming essential to moving more critical workloads to the cloud. Most customers want to limit access to their critical resources to only their private environments, i.e. their Azure Virtual Networks and on-premises.

While some of the Azure services can be directly deployed into VNets, many others still remain public. With VNet service endpoints, we are expanding Virtual Network support to more multi-tenant Azure services.

Service endpoints extend your VNet private address space and identity to the Azure services, over a direct connection. This allows you to secure your critical service resources to only your virtual networks, providing private connectivity to these resources and fully removing Internet access.
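As an added illustration (not Microsoft's code and not part of the original announcement), the following check classifies storage accounts by whether their firewall still allows Internet access or limits them to virtual network subnets. It assumes account records shaped like the JSON from `az storage account list`, reading only the `networkRuleSet` fields `defaultAction`, `ipRules` and `virtualNetworkRules`; the account names, subscription ID and subnet are constructed placeholders.

```python
import json

# Constructed sample shaped like `az storage account list` output; only the
# fields this check reads are present. Names and IDs are placeholders.
SAMPLE = json.loads("""[
 {"name": "examplepublic", "networkRuleSet":
   {"defaultAction": "Allow", "ipRules": [], "virtualNetworkRules": []}},
 {"name": "examplevnetonly", "networkRuleSet":
   {"defaultAction": "Deny", "ipRules": [], "virtualNetworkRules": [
     {"virtualNetworkResourceId": "/subscriptions/SUB-ID/resourceGroups/example-rg/providers/Microsoft.Network/virtualNetworks/example-vnet/subnets/app"}]}},
 {"name": "examplemixed", "networkRuleSet":
   {"defaultAction": "Deny", "virtualNetworkRules": [],
    "ipRules": [{"ipAddressOrRange": "203.0.113.0/24", "action": "Allow"}]}},
 {"name": "examplenorules"}
]""")


def classify(account):
    """Return (exposure, detail) for one storage account record."""
    rules = account.get("networkRuleSet") or {}
    # Assumption: a record with no rule set is treated as open, which is the
    # conservative reading for an audit.
    default = str(rules.get("defaultAction") or "Allow").lower()
    ip_ranges = [r.get("ipAddressOrRange") for r in rules.get("ipRules") or []]
    subnets = [r.get("virtualNetworkResourceId", "").rsplit("/", 1)[-1]
               for r in rules.get("virtualNetworkRules") or []]
    if default != "deny":
        return "internet-reachable", "default action is Allow"
    if ip_ranges:
        return "public-ip-exceptions", ", ".join(ip_ranges)
    if subnets:
        return "vnet-only", ", ".join(subnets)
    return "no-network-rules", "default Deny with no allowed network"


def audit(accounts):
    """Map account name -> exposure. 'internet-reachable' and
    'public-ip-exceptions' are the results to review."""
    return {a["name"]: classify(a)[0] for a in accounts}


if __name__ == "__main__":
    for acct in SAMPLE:
        exposure, detail = classify(acct)
        print(f"{acct['name']:18} {exposure:22} {detail}")
```

The check does not evaluate the rule set's `bypass` setting, so trusted-service exceptions need a separate look.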

Announcing the public preview of Azure Storage metrics in Azure Monitor

With metrics on Azure Storage, you can analyze usage trends, trace requests, and diagnose issues with your storage account.

Azure Monitor provides unified user interfaces for monitoring across different Azure services. For more information, see Azure Monitor. Azure Storage integrates with Azure Monitor by sending metric data to the Azure Monitor platform.

Access metrics

Azure Monitor provides multiple ways to access metrics. You can access them from the Azure portal, the Azure Monitor APIs (REST and .NET), and analysis solutions such as Operations Management Suite and Event Hub. For more information, see Azure Monitor Metrics.

Metrics are enabled by default, and you can access the most recent 30 days of data. If you need to retain data for a longer period of time, you can archive metrics data to an Azure Storage account. This is configured in diagnostic settings in Azure Monitor.

Announcing new Azure VM sizes for more cost-effective database workloads

Our customers told us that their database workloads like SQL Server or Oracle often require high memory, storage, and I/O bandwidth, but not a high core count. Many database workloads they are running are not CPU-intensive. They want a VM size that enables them to constrain the VM vCPU count to reduce the cost of software licensing, all while maintaining the same memory, storage, and I/O bandwidth.

We are excited to announce the latest versions of our most popular VM sizes (DS, ES, GS, and MS), which constrain the vCPU count to one half or one quarter of the original VM size, while maintaining the same memory, storage and I/O bandwidth. We have marked these new VM sizes with a suffix that specifies the number of active vCPUs to make them easier for you to identify.

VM Size / vCPUs / Memory / Max Disks / Max I/O Throughput / SQL Server Enterprise licensing cost per year / Total cost per year (Compute + licensing)
Standard_DS14v2 / 16 / 112 GB / 32 / 51,200 IOPS or 768 MB/s
Standard_DS14-4v2 / 4 / 112 GB / 32 / 51,200 IOPS or 768 MB/s / 75% lower / 57% lower
Standard_GS5 / 32 / 448 GB / 64 / 80,000 IOPS or 2 GB/s
Standard_GS5-8 / 8 / 448 GB / 64 / 80,000 IOPS or 2 GB/s / 75% lower / 42% lower

Azure DDoS Protection Service preview

Distributed Denial of Service (DDoS) attacks are one of the top availability and security concerns voiced by customers moving their applications to the cloud. These concerns are justified as the number of documented DDoS attacks grew 380% in Q1 2017 over Q1 2016 according to data from Nexusguard. In October 2016, a number of popular websites were impacted by a massive cyberattack consisting of multiple denial of service attacks. It’s estimated that up to one third of all Internet downtime incidents are related to DDoS attacks.

As the types and sophistication of network attacks increase, Azure is committed to providing our customers with solutions that continue to protect the security and availability of applications on Azure. Security and availability in the cloud is a shared responsibility. Azure provides platform-level capabilities and design best practices for customers to adopt and apply in application designs that meet their business objectives.

Today we're excited to announce the preview of Azure DDoS Protection Standard. This service is integrated with Virtual Networks and provides protection for Azure applications from the impacts of DDoS attacks. It enables additional application specific tuning, alerting and telemetry features beyond the basic DDoS Protection which is included automatically in the Azure platform.

Azure DDoS Protection Service offerings

Payment Processing Blueprint for PCI DSS-compliant environments

Today we are pleased to announce the general availability of a new Payment Processing Blueprint for PCI DSS-compliant environments, the only auditor-reviewed, 100% automated solution for Payment Card Industry Data Security Standard (PCI DSS 3.2) technical controls. The architectural framework is designed to help companies deploy and operate a payment processing system or credit card handling solution in Microsoft Azure. This automation solution will help customers adopt Azure solutions, showcasing a simple-to-understand reference architecture, and teach administrators how to deploy a secure and compliant workload while adhering to the PCI DSS compliance standard.

The solution was jointly developed with our partner Avyan Consulting, and subsequently reviewed by Coalfire, Microsoft’s PCI-DSS auditor. The PCI Compliance Review provides an independent, third-party review of the solution, and components that need to be addressed.

For a quick look at how this solution works, watch this five-minute video explaining and demonstrating its deployment.

This automated architecture includes: Azure Application Gateway, Network Security Groups, Azure Active Directory, App Service Environment, OMS Log Analytics, Azure Key Vault, Azure SQL DB, Azure Load Balancer, Application Insights, Azure Web App, Azure Automation, Azure Runbooks, Azure DNS, Azure Virtual Network, Azure Virtual Machine, Azure Resource Group and Policies, Azure Blob Storage, Azure Active Directory access control (RBAC), and Azure Security Center.

Azure Solutions Blueprint
