Azure Updates – March 2018

General availability: Global VNet Peering

Global VNet Peering is now generally available.

Global VNet Peering enables resources in your virtual network to communicate across Azure regions privately through the Microsoft backbone. VMs across virtual networks can communicate directly without gateways, extra hops, or transit over the public internet. This allows a high-bandwidth, low-latency connection across peered virtual networks in different regions.

With just a couple of clicks, you can use Global VNet Peering to share resources within a global, private network. You can then easily replicate data across regions for redundancy and disaster recovery. For more information, refer to our overview page, detailed documentation, and pricing.

You can now peer across the following regions:

  • Korea South
  • UK South
  • UK West
  • Canada East
  • India South
  • India Central
  • India West
  • US West Central
  • Canada Central
  • US West 2

General availability: Azure Network Watcher Connection Monitor in all public regions

The Connection Monitor feature in Azure Network Watcher is now generally available in all public regions. Connection Monitor provides round-trip time (RTT) values at per-minute granularity. You can monitor a direct TCP connection from a virtual machine to a virtual machine, FQDN, URI, or IPv4 address.

Network scenarios are complex. They are implemented through Network Security Groups, firewalls, user-defined routes, and resources provided by Azure. Complex configurations make monitoring and troubleshooting connectivity problems challenging. Network Watcher Connection Monitor helps reduce the amount of time to detect connectivity problems. The returned results can provide insights into whether a connectivity problem is due to a platform or a user configuration problem.

General availability: Application security groups in all Azure regions

Application security groups (ASGs) are now generally available in all Azure regions, including national clouds. This feature enables micro-segmentation within the virtual network.

ASGs enable you to define fine-grained network security policies based on workloads, applications, or environments instead of explicit IP addresses. You can group VMs with named monikers and secure applications by filtering traffic from trusted segments of your network.

Application security groups, along with the latest improvements in network security groups (NSGs), bring the following benefits:

  • A unified management experience
  • Increased limits on multiple dimensions
  • A great level of simplification
  • A natural expression of security policies

General availability: Zone-redundant storage

Azure zone-redundant storage, which was previously in public preview, is now generally available.

Zone-redundant storage greatly simplifies development of highly available applications by replicating your data to different Availability Zones, with inserts and updates to data being performed synchronously across these Availability Zones. You can continue with read and write operations on your data even when one of the Availability Zones is unavailable or unrecoverable.

Availability Zones provide fault isolation through physical separation. Each zone consists of one or more datacenters with independent power, network, and cooling. Consider zone-redundant storage for applications where highly available read and write access is required in an Azure region.

Starting Jun 1, 2018, generally available pricing will take effect. Preview pricing will continue until that date. For more details on zone-redundant storage—including regional availability, pricing, and migration—see the documentation.

General availability: Azure Availability Zones in select regions

Azure Availability Zones, a high-availability solution for mission-critical applications, is now generally available.

Availability Zones are physically separate locations within an Azure region. Each Availability Zone consists of one or more datacenters equipped with independent power, cooling, and networking. With the introduction of Availability Zones, we now offer a service-level agreement (SLA) of 99.99% for uptime of virtual machines.

Public preview: Soft delete for Azure Storage blobs

Soft delete for Azure Storage blobs is now in public preview. The feature is available in all regions, both public and private.

When you turn on soft delete, you can save and recover your data when blobs or blob snapshots are deleted. This protection extends to blob data that's erased as the result of an overwrite.

Public preview: Virtual machine serial console

Virtual machine serial console is now in public preview. This feature allows bidirectional serial console access to your virtual machines. The preview is available in global Azure regions.

To try it, look for Serial console (Preview) in the Support+Troubleshooting section of your virtual machine.

Azure Data Factory supports Azure AD authentication

Azure Data Factory V2 now supports Azure Active Directory (Azure AD) authentication for Azure SQL Database and SQL Data Warehouse, as an alternative to SQL Server authentication.

Two modes of Azure AD authentication have been enabled. For prerequisite steps, see the following ACOM links.

For SQL Database:

For SQL Data Warehouse:

AD authentication has been enabled both through UI-based authoring and through JSON

General availability: Azure Scheduled Events

Azure Scheduled Events for virtual machines is now generally available. Scheduled Events is an Azure metadata service that gives your application time to prepare for virtual machine maintenance. It provides information about upcoming maintenance events (for example, reboot) so your application can prepare for them and limit disruption. It's available for all Azure virtual machine types, including PaaS and IaaS on both Windows and Linux.

Scheduled events are surfaced through a REST endpoint from within the VM. The information is made available via a non-routable IP so that it is not exposed outside the VM.

General availability: Standard Load Balancer

Azure Standard Load Balancer is now generally available in all public regions.

You can use Standard Load Balancer to scale your applications and create high availability by using public and internal deployments. Standard Load Balancer offers resiliency and ease of use for all your virtual machine resources inside a virtual network. It supports inbound as well as outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.

General availability: Disable BGP route propagation for virtual network routes

If you're connecting your virtual network by using Azure ExpressRoute or VPN gateways, it's now easier to disable routing through Border Gateway Protocol (BGP).

You can use this capability in your route tables, by simply adding a property to disable BGP routes from being propagated.

Public preview: Azure DNS Private Zones

Azure DNS Private Zones is now in public preview. This feature enables customers to host DNS zones within their virtual networks, and it enables name resolution both within and across virtual networks. Additionally, customers can configure zone names with a split-horizon or split-brain view, allowing a private and public DNS zone to share the same name.

Azure DNS Private Zones is available in all Azure regions.

App Service BizTalk Hybrid Connections: end of life on May 31, 2018

BizTalk Hybrid Connections will reach end of life on May 31, 2018.

To avoid problems, you should migrate from BizTalk Hybrid Connections to the new Azure Relay–based Hybrid Connections. You can read more about them in Azure App Service Hybrid Connections. To learn how to migrate your BizTalk Hybrid Connections to the new Hybrid Connections, read the extended details in our team blog.

Deprecating Service Management API support for Azure App Service

Azure Service Management support will be retired on June 30, 2018. After that, Azure App Service resource management will be supported only through Azure Resource Manager.

The Service Management APIs are not well suited for the modern cloud. Supporting Service Management APIs any longer will hold us back from delivering a premium developer experience and control plane at scale.

Customers currently using the Service Management APIs will be better served by moving to Resource Manager. Resource Manager has many benefits over Service Management, like a robust deployment model, role-based access, and better API support for features

Simplified process for creating secure Service Fabric clusters

As part of our efforts to improve security in the cloud, we have removed the option to create unsecure Azure Service Fabric clusters from the portal. In its place, we added a simplified process for creating secure Service Fabric clusters. You can create a certificate from the portal during the Service Fabric creation experience, from a new or existing key vault.

When you create a Service Fabric cluster through the portal, you now see the new Basic experience by default. If you want all of the advanced certificate functionality and options, select the Custom option.

Azure portal updates: March 2018

Since the beginning of the year, the Azure portal team has deployed hundreds of updates to help you manage your compute, network, and storage resources more securely, quickly, and easily. VM-related improvements we've rolled out in the past month include:

  • Improved logic for the VM Connect button. We improved the logic that's used to generate the RDP file when you're connecting to a Windows virtual machine:
    • If your VM has a public IP address, the RDP file is generated with the DNS name, load balancer IP address, or public IP address, in that order.
    • If your VM does not have a public IP address, the RDP file is generated to connect to the private IP address on the VM. This is useful if you have an Azure ExpressRoute or VPN connection to the VM's virtual network.   
  • Adding a network interface to an existing VM. You can now use the portal to add a network interface to an existing VM from the Networking blade. You can add an existing NIC or create a new one. 
  • NSG warnings for publicly exposed ports. On the Networking blade, you now see a warning icon next to network security group rules that might expose your virtual machine to unwanted access from the internet.

ClearDB removal from the Azure Marketplace

Starting today until June 13, ClearDB will transition Azure-based customers currently billed by Microsoft to a direct billing model with ClearDB. As a result, you will no longer be able to create or upgrade a ClearDB database. 

For more details and next steps, see Changes to ClearDB service plans.

Public preview: Low-priority VMs on virtual machine scale sets

You can use virtual machine scale sets to deploy and manage a set of identical VM instances as a group. In addition to the support for Autoscale, load balancing, automatic OS image updates, and ease of deployment and management options, scale sets now include support for provisioning low-priority VMs.

Low-priority VMs are allocated on any excess capacity and can be evicted anytime, depending on the demand. You can use this option to run resilient, fault-tolerant applications and batch processing tasks at a fraction of the on-demand price, enabling significant cost savings. Low-priority VMs are available through scale sets with up to an 80 percent discount in all Azure regions.

To learn more, see the Low-priority VMs on scale sets article.

Azure Backup is now available in France

Azure Backup is now available in Azure France. The service is available in both France Central and France South.

Azure Backup enables zero-infrastructure backup and recovery of your data in the Microsoft Cloud. Azure Backup enables Azure IaaS VM backup. It can also replace your existing on-premises or off-site backup solution with a cloud-based solution that is reliable, secure, and cost-competitive.

For more information, see the Azure Backup technical documentation.

General availability: Support for large disk backup and improvements for backup/restore

Azure Backup now supports backup of large disk VMs, and recent improvements reduce the time taken for backup and restore. These updates are based on a new VM backup stack and are available for both managed and unmanaged disks.

You can seamlessly upgrade to this new stack without any impact to your ongoing backup jobs. There's no change to how you set up backup or restore.

For more information, read the blog post.

App Service updating PHP to latest versions

In the next release of the Web Apps feature of Azure App Service, we'll update the PHP stacks to the latest available versions.

For information on the changes in the new versions, see the change logs on the PHP website.