IoT is reaching mainstream adoption across businesses in all market segments. Our vision is to enable Azure to be the world’s computer, giving businesses real-time visibility into every aspect of their operations, assets, and products. Businesses are harnessing signals from IoT devices of all shapes and sizes, from the very smallest microcontroller units (MCUs) to very capable microprocessor units (MPUs). This presents a great opportunity for collaboration between semiconductor manufacturers with extensive expertise in MCUs/MPUs and Azure IoT, an industry leader in IoT.
It has been nearly one year since we acquired Express Logic and their popular ThreadX RTOS, and last year we announced Azure RTOS that provides customers those capabilities with the leading real-time operating system (RTOS) in the industry.
Today, we’re announcing additional collaborations with industry leaders, which together represent the vast majority of the market for 32-bit MCUs. Their MCUs are embedded into billions of devices from sensors, streetlights, and shipping containers to smart home appliances, medical devices, and more.
STMicroelectronics, Renesas, NXP, Microchip, and Qualcomm will all offer embedded development kits featuring Azure RTOS ThreadX, one of the components of the Azure RTOS embedded application development suite. This allows embedded developers to access reliable, real-time performance
Today, we’re announcing the general availability for server-side encryption (SSE) with customer-managed keys (CMK) for Azure Managed Disks. Azure customers already benefit from SSE with platform-managed keys for Managed Disks enabled by default. SSE with CMK improves on platform-managed keys by giving you control of the encryption keys to meet your compliance need.
Today, customers can also use Azure Disk Encryption, which leverages the Windows BitLocker feature and the Linux dm-crypt feature to encrypt Managed Disks with CMK within the guest virtual machine (VM). SSE with CMK improves on Azure Disk encryption by enabling you to use any OS types and images, including custom images, for your VMs by encrypting data in the Azure Storage service.
SSE with CMK is integrated with Azure Key Vault, which provides highly available and scalable secure storage for your keys backed by Hardware Security Modules. You can either bring your own keys (BYOK) to your Key Vault or generate new keys in the Key Vault.
About the key management
Managed Disks are encrypted and decrypted transparently using 256-bit Advanced Encryption Standard (AES) encryption, one of the strongest block ciphers available. The Storage service handles the encryption and decryption in a fully transparent fashion using envelope
Today marks the general availability of new Azure disk sizes, including 4, 8, and 16 GiB on both Premium and Standard SSDs, as well as bursting support on Azure Premium SSD Disks.
To provide the best performance and cost balance for your production workloads, we are making significant improvements to our portfolio of Azure Premium SSD disks. With bursting, even the smallest Premium SSD disks (4 GiB) can now achieve up to 3,500 input/output operations per second (IOPS) and 170 MiB/second. If you have experienced jitters in disk IOs due to unpredictable load and spiky traffic patterns, migrate to Azure and improve your overall performance by taking advantage of bursting support.
We offer disk bursting on a credit-based system. You accumulate credits when traffic is below the provisioned target and you consume credit when traffic exceeds it. It can be best leveraged for OS disks to accelerate virtual machine (VM) boot or data disks to accommodate spiky traffic. For example, if you conduct a SQL checkpoint or your application issues IO flushes to persist the data, there will be a sudden increase of writes against the attached disk. Disk bursting will give you the headroom to accommodate the expected and unexpected change in
Cloud, edge computing, and IoT are making strides to transform whole industries and create opportunities that weren’t possible just a few years ago. With the rise of 5G mobile connectivity, there are even more possibilities to deliver immersive, real-time experiences that have demanding, ultra-low latency, and connectivity requirements. 5G opens new frontiers with enhanced mobile broadband up to 10x faster, reliable low-latency communication, and very high device density up to 1 million devices per square kilometer.
Today we’re announcing transformative advances to combine the power of Azure, 5G, carriers, and technology partners around the world to enable new scenarios for developers, customers, and partners, with the preview of Azure Edge Zones.
New 5G customer scenarios with Azure Edge Zones
Azure Edge Zones and Azure Private Edge Zones deliver consistent Azure services, app platform, and management to the edge with 5G unlocking new scenarios by enabling:
Development of distributed applications across cloud, on-premises, and edge using the same Azure Portal, APIs, development, and security tools. Local data processing for latency critical industrial IoT and media services workloads. Acceleration of IoT, artificial intelligence (AI), and real-time analytics by optimizing, building, and innovating for robotics, automation, and mixed reality. New frontiers for developers
We’re announcing the general availability of incremental snapshots of Azure Managed Disks. Incremental snapshots are a cost-effective, point-in-time backup of managed disks. Unlike current snapshots, which are billed for the full size, incremental snapshots are billed for the delta changes to disks since the last snapshot and are always stored on the most cost-effective storage, Standard HDD storage irrespective of the storage type of the parent disks. For additional reliability, Managed Disks are also stored on Zone Redundant Storage (ZRS) by default in regions that support ZRS.
Incremental snapshots provide differential capability, enabling customers and independent solution vendors (ISVs) to build backup and disaster recovery solutions for Managed Disks. It allows you to get the changes between two snapshots of the same disk, thus copying only changed data between two snapshots across regions, reducing time and cost for backup and disaster recovery. Incremental snapshots are accessible instantaneously; you can read the underlying data of incremental snapshots or restore disks from them as soon as they are created. Azure Managed Disk inherit all the compelling capabilities of current snapshots and have a lifetime independent from their parent managed disks and independent of each other.
Examples of incremental snapshots
Let’s look at
Azure Container Registry announces preview support for Azure Private Link, a means to limit network traffic of resources within the Azure network.
With Private Link, the registry endpoints are assigned private IP addresses, routing traffic within a customer-defined virtual network. Private network support has been one of the top customer asks, allowing customers to benefit from the Azure management of their registry while benefiting from tightly controlled network ingress and egress.
Private Links are available across a wide range of Azure resources with more coming soon, allowing a wide range of container workloads with the security of a private virtual network.
Private Endpoints and Public Endpoints
Private Link provides private endpoints to be available through private IPs. In the above case, the contoso.azurecr.io registry has a private IP of 10.0.0.6 which is only available to resources in contoso-aks-eastus-vnet. This allows the resources in this VNet to securely communicate. The other resources may be restricted to resources only within the VNet.
At the same time, the public endpoint for the contoso.azurecr.io registry may still be public for the development team. In a coming release, Azure Container Registry (ACR) Private Link will support disabling the public endpoint, limiting access to
Late last year, we’ve announced the general availability of Azure Dedicated Hosts. This blog provides an update regarding the new and recently added capabilities since we introduced Azure Dedicated Hosts in preview.
Azure Dedicated Host provides a single-tenant physical server to run your Azure Virtual Machines for Windows Server and Linux. With Azure Dedicated Host, you can address specific compliance requirements while increasing visibility and control over your underlying infrastructure.
What’s new Save costs with Azure Dedicated Hosts reservations
We recently introduced the ability for you to purchase Azure reservations for Dedicated Hosts. You are now able to reduce costs by buying Azure Dedicated Hosts reservations. The reservation discount is applied automatically to the number of running dedicated hosts that match the reservation scope and attributes. You don’t need to assign a reservation to a specific dedicated host to get the discounts. You may also delete and create hosts and have the reservation apply to the hosts already deployed at any given time.
The Azure Dedicated Hosts pricing page contains the complete list of Dedicated Hosts SKUs, their CPU information, and various pricing options including Azure reservations discounts.
Azure Dedicated Host SKUs, unlike Azure Virtual Machines, are defined based on
We’re expanding the Microsoft Azure Stack Edge with NVIDIA T4 Tensor Core GPU preview during the GPU Technology Conference (GTC Digital). Azure Stack Edge is a cloud-managed appliance that brings Azure’s compute, storage, and machine learning capabilities to the edge for fast local analysis and insights. With the included NVIDIA GPU, you can bring hardware acceleration to a diverse set of machine learning (ML) workloads.
What’s new with Azure Stack Edge
At Mobile World Congress in November 2019, we announced a preview of the NVIDIA GPU version of Azure Stack Edge and we’ve seen incredible interest in the months that followed. Customers in industries including retail, manufacturing, and public safety are using Azure Stack Edge to bring Azure capabilities into the physical world and unlock scenarios such as the real-time processing of video powered by Azure Machine Learning.
These past few months, we’ve taken our customers’ feedback to make key improvements and are excited to make our preview available to even more customers today.
Azure Machine Learning: Build and train your model in the cloud, then deploy it to the edge for FPGA or
Today we’re announcing the general availability of Azure Monitor for virtual machines (VMs), which provides an in-depth view of VM performance trends and dependencies. You can access Azure Monitor for VMs from the Azure VM resource blade to view details about a single VM, from the Azure Virtual Machine Scale Sets (VMSS) resource blade to view details about a single VM scale set, and from Azure Monitor to understand compute issues at scale.
Azure Monitor for VMs brings together key monitoring data about your Windows and Linux VMs, allowing you to:
Troubleshoot guest-level performance issues and understand trends in VM resource utilization. Determine whether back-end VM dependencies are connected properly and which clients of a VM may be affected by any issues the VM is having. Discover VM hotspots at scale based on resource utilization, connection metrics, performance trends, and alerts. Performance
Performance views are powered by Log Analytics, and offer powerful aggregation and filtering capabilities including “Top N” VM sorting and searching across subscriptions and regions, aggregation of VM metrics (such as average memory) across all VMs in a resource group across regions, percentiles of performance values over time, and breakdown and selection of VM Scale Set instances.
The Azure Container Registry team is sharing the preview of customer-managed keys for data encryption at rest. Azure Container Registry already encrypts data at rest using service-managed keys. With the introduction of customer-managed keys you can supplement default encryption with an additional encryption layer using keys that you create and manage in Azure Key Vault. This additional encryption should help you meet your company’s regulatory or compliance needs.
Azure Container Registry encryption is supported through integration with Azure Key Vault. You can create your own encryption keys and store them in a Key Vault, or you can use Azure Key Vault API to generate encryption keys. With Azure Key Vault, you can also audit key usage.
During preview, customer-managed keys can only be enabled while creating a new registry in the Premium SKU. Enabling and disabling the feature on an existing registry will be available in an upcoming release.
With this release, you can try out the following scenarios on a customer-managed keys enabled registry:
Rotate the encryption keys using the Azure portal or the Azure command-line interface (CLI). Geo-replicated registries and Virtual Network integration are supported. You can enforce encryption for your registries through the built-in Azure Policy.