This blog post primarily talks about how Azure Firewall and Azure Backup can be leveraged to provide comprehensive protection to your data. The former protects your network, while the latter backs up your data to the cloud. Azure Firewall, now generally available, is a cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. With Azure Firewall you can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. It uses a static public IP address for your virtual network resources, allowing outside firewalls to identify traffic originating from your virtual network.
Backup of Azure Virtual Machines
In a typical scenario, you may have Azure Virtual Machines (VMs) running business-critical workloads behind an Azure Firewall. While this is an effective means of shielding your VMs against network threats, you would also want to protect your data in the VMs using Azure VM Backup. This further reduces the odds of being exposed to several risks. Azure Backup protects the data in your VMs by safely storing it in your Recovery Services Vault. This involves moving data from your
We are continuously enhancing our offerings to help you in your digital transformation journey to the cloud. You can read more about these offerings in the blog, “Three reasons why Windows Server and SQL Server customers continue to choose Azure.” In this blog, we will go over some of the new features added to Microsoft Azure Migrate and Azure Site Recovery that will help you in your lift and shift migration journey to Azure.
Azure Migrate allows you to discover your on-premises environment and plan your migration to Azure. Based on popular demand, we have now enabled Azure Migrate in two new geographies, Azure Government and Europe. Support for other Azure geographies will be enabled in the future.
Below is the list of regions within the Azure geographies where the discovery and assessment metadata is stored.
Geography | Region for metadata storage
United States | West Central US, East US
Europe | North Europe, West Europe
Azure Government | U.S. Gov Virginia
When you create a migration project in the Azure portal, the region for metadata storage is randomly selected. For example, if you create a project in the United States, we will automatically select the region as West Central US or East
Every platform has limits: workstations and physical servers have resource boundaries, APIs may be rate-limited, and even the perceived endlessness of the virtual public cloud enforces limitations that protect the platform from overuse or misuse. You can learn more about these limitations by visiting our documentation, “Azure subscription and service limits, quotas, and constraints.” When working on scenarios that take platforms to their extreme, those limits become real, and therefore thought should be put into overcoming them.
The following post includes essential notes taken from my work with Mike Kiernan, Mayur Dhondekar, and Idan Shahar. It also covers some iterations where we try to reach a limit of 10K virtual machines running on Microsoft Azure and explores the pros/cons of the different implementations.
Load tests at cloud scale
Load and stress tests before moving a new version to production are critical on the one hand, but pose a real challenge for IT on the other. This is because they require a considerable amount of resources to be available for only a short amount of time, every release cycle. When purchased, the infrastructure doesn’t justify its cost over extended periods, making this a perfect use case for a public cloud platform where payment
We are excited to share that a new, automated way to configure high availability solutions for SQL Server on Azure Virtual Machines (VMs) is now available using our SQL VM resource provider.
To get started today, follow the instructions in the table below.
High availability architectures are designed to continue to function even when there are database, hardware, or network failures. Azure Virtual Machine instances using Premium Storage for all operating system disks and data disks offer 99.9 percent availability. This SLA is impacted by three scenarios – unplanned hardware maintenance, unexpected downtime, and planned maintenance.
To provide redundancy for your application, we recommend grouping two or more virtual machines in an Availability Set so that during either a planned or unplanned maintenance event, at least one virtual machine is available. Alternatively, to protect from data center failures, two or more VM instances can be deployed across two or more Availability Zones in the same Azure region; this guarantees virtual machine connectivity to at least one instance at least 99.99 percent of the time. For more information, see the “SLA for Virtual Machines.”
These mechanisms ensure high availability of the virtual machine instance. To get the same
Azure offers a built-in disaster recovery (DR) solution for Azure Virtual Machines through Azure Site Recovery (ASR). In addition to the broadest global coverage, Azure has the most comprehensive resiliency strategy in the industry, from mitigating rack-level failures with Availability Sets and data center failures with Availability Zones to protecting against large-scale events with failover to separate regions with ASR. A common question we get is about costs associated with configuring DR for Azure virtual machines. We have listened and prioritized.
Configuring disaster recovery for Azure VMs using ASR will incur the following charges.
ASR licensing cost per VM.
Network egress costs to replicate data changes from the source VM disks to another Azure region. ASR uses built-in compression to reduce the data transfer requirements by approximately 60 percent.
Storage costs on the recovery site. This is typically the same as the source region storage plus any additional storage needed to maintain the recovery points as snapshots for recovery.
You can look at this sample cost calculator for estimating DR costs for a three-tier application using six virtual machines. All of the services are pre-configured in the cost calculator. The six virtual machines have 12 Standard SSD disks and 6
Azure Availability Zones are unique fault-isolated physical locations, within an Azure region, with independent power, network, and cooling. Each Availability Zone is comprised of one or more datacenters and houses infrastructure to support highly available, mission critical applications with fault tolerance to datacenter failures. For IaaS applications running on Azure Virtual Machines, you can build high availability into your business continuity strategy by deploying multiple virtual machines (VMs) across multiple zones within a region. In doing so, VMs are physically separated across zones, and a virtual network is created using load balancers at each site. These locations are close enough for high availability replication, so your applications stay running, despite any issues at the physical locations.
On rare occasions, an entire region could become unavailable due to major incidents such as natural disasters. Non-transient, large scale failures may exceed the ability of high availability (HA) features and require full-fledged disaster recovery (DR). Today, we are announcing the support for disaster recovery of virtual machines deployed in Availability Zones to another region using Azure Site Recovery (ASR). You can now replicate and failover zone pinned virtual machines to other regions within a geographic cluster using Azure Site Recovery. This new capability
The Microsoft Azure Dedicated Hardware Security Module (HSM) service provides cryptographic key storage in Azure and meets the most stringent customer security and compliance requirements. This service is the ideal solution for customers requiring FIPS 140-2 Level 3 validated devices with complete and exclusive control of the HSM appliance. The Azure Dedicated HSM service uses SafeNet Luna Network HSM 7 devices from Gemalto. This device offers the highest levels of performance and cryptographic integration options and makes it simple for you to migrate HSM-protected applications to Azure. The Azure Dedicated HSM is leased on a single-tenant basis.
Key benefits
Migrate HSM-protected applications: The Gemalto HSM model is used by hundreds of applications such as Oracle DB TDE, Active Directory Certificate Services, Apache/NGINX TLS offload, and your own applications that have integrated with SafeNet HSMs over the last 15 years. This makes it easy for you to migrate applications to Azure Virtual Machines or run hybrid topologies spanning across Azure and on-premises. It can also be used to back up keys on-premises. Once your applications have migrated to Azure, you will achieve low latency (single-digit millisecond) and high throughput for cryptographic operations (10,000 RSA-2048 tps). Azure Dedicated HSM supports up to ten partitions
Azure Hybrid Benefit (AHB) for SQL Server allows you to use on-premises licenses to run SQL Server on Azure Virtual Machines. If you have Software Assurance, you can use AHB when deploying a new SQL VM or activate SQL Server AHB for an existing SQL VM with a pay as you go (PAYG) license. Bring your own license (BYOL) SQL Images on Azure Marketplace should be used to implement SQL Server AHB when deploying a new SQL VM. However, if you already have a SQL VM with a PAYG license, activating AHB currently requires re-deploying the VM with BYOL SQL image.
Today, we are revealing a new, simple way to activate SQL Server AHB on Azure VM with SQL VM Resource Provider. SQL VM resource provider is a new Azure resource provider, Microsoft.SqlVirtualMachine, that supplies SQL Server configurations for an Azure VM as a resource that can be deployed and managed through Azure Resource Manager. This new infrastructure brings a backend management service for SQL Server on Azure VM including dynamic updates of SQL Server settings such as license type. To activate SQL Server AHB for an existing PAYG SQL VM, simply create a Microsoft.SqlVirtualMachine/SqlVirtualMachine type resource for
SQL Server on Azure Virtual Machines is a cost-effective lift and shift method to run SQL Server on Microsoft Azure with full control of the version, edition of SQL Server, operating system, and VM size. Today, we are revealing a new Resource Provider called Microsoft.SqlVirtualMachine, a management service running internally on Azure clusters to handle SQL Server-specific configurations and deployments on Azure VMs. SQL VM resource provider enables dynamic updates of SQL Server metadata and orchestrates multi-VM deployments required for SQL Server HADR architectures. SQL VM resource provider also enables SQL Server specific browse and monitoring experiences.
With SQL VM resource provider, we are introducing three new resource types:
Microsoft.SqlVirtualMachine/SqlVirtualMachine represents SQL Server configurations on an Azure VM. Once created, it links to the existing VM resource with the VirtualMachineResourceId property and gets SQL Server configurations from SQL IaaS Extension properties. SqlVirtualMachine resource type has a property to represent the SQL Server License type. By setting the SQL Server License type to AHUB or PAYG, the SQL Server license can be dynamically updated even after the VM instance is deployed without any downtime.
Microsoft.SqlVirtualMachine/SqlVirtualMachineGroup represents a group of SQL VMs that will participate in an HADR architecture. Today we support
This blog post was authored by Mine Tokus, Senior Program Manager, COGS Data – SQL DB.
We recently published “Storage Configuration Guidelines for SQL Server on Azure VM” on the SQL Database Engine Blog summarizing the test findings from running TPC-E profile test workloads on premium storage configuration options. We continued this testing by including Ultra SSD. Ultra SSD is the new storage offering available on Microsoft Azure for mission-critical workloads with sub-millisecond latencies at high throughput. We will summarize the test details and findings in this blog.
We used DS14_v2 VM with 16 cores, 112GB memory and 224GB local SSD for this test. This virtual machine (VM) is capable of scaling up to 51,200 uncached IOPS and 64,000 cached and temporary IOPS. We selected a TPC-E workload representative OLTP app in e-commerce/trade space as the test workload. Our test workload drives a similar percentage of read and write IO activity.
Size | vCPU | Memory: GiB | Temp storage (SSD) GiB | Max cached and temp storage throughput: IOPS/MBps (cache size in GiB) | Max uncached disk throughput: IOPS/MBps
Standard_DS14_v2 | 16 | 112 | 224 | 64,000/512 (576) | 51,200/768
Premium Storage Configuration
For Premium Storage Configuration, we added 10 P30 disks and enabled RO cache for all