Monthly Azure news – May 2020
As a team passionate about Azure Cloud engineering, we have decided to feature monthly Azure news published by Microsoft Azure on our white duck blog. Our consolidated Azure news will focus on the development of cloud-native applications. The announcements for the month May are here and you can expect a series of updates for the year 2020 on our blog. For all those who are eager to learn more – stay tuned!
1. Azure Key Vault service enhancements now available
Azure Key Vault is a unified service for secret management, certificate management, and encryption key management, backed by FIPS-validated hardware security modules.The newest improvements include:
- Improvement of security with Private Link – with Private Link it is now possible to only expose your Azure Key Vault into your virtual network. This increases the security because your Azure Key Vault won’t be exposed to the public internet anymore. The Private Link integration is enabled with an optional control. Traffic between your virtual network and Key Vault functions over the Microsoft backbone network, in that way providing more assurance.
- More choices for BYOK – Azure Key Vault provides you with the possibility to bring your own key to even further secure of your secrets. Besides nCipher nShield HSMs, you can now use SafeNet Luna HSMs or Fortanix SDKMS to generate your keys. These additions are in preview though.
- Rotation of secrets is now easier – Notifications for keys, secrets, and certificates enables receiving of events at each point of the lifecycle of these objects and determines custom actions. Rotating secrets on a schedule to limit the impact of credetial exposure is a frequent action. To find more details read new tutorial.
Autoscale provisioned throughput (called “autopilot mode” in preview) is a new pricing model for Azure Cosmos DB that is now generally available. With autoscale, SLAs are sustained while the service automatically and instantly scales up to a customer-specified maximum in order to prepare for sudden and unpredictable, high-throughput workloads. Autoscale excludes the need to supervise capacity and can be paired with Azure Cosmos DB free tier.
Some new features and capabilities have been offered for autoscale and are available for all APIs now. The new features offer some helpful actions: setting a custom maximum provisioned throughput level in request units (RU/s) is now possible as well as enabling autoscale on existing databases and containers, and programmatic support through Azure Cosmos DB SDKs and Azure Resource Manager. According to Microsoft Azure, Azure CLI and PowerShell support will be at your disposal soon.
3. Azure Private Link for Azure Cosmos DB now in general availability
Private Link enables private connectivity from a virtual network to Azure platform as a service (PaaS) services. It makes the network architecture simpler and enables secure connection between endpoints in Azure. Most importantly, it disqualifies the data exposure to the public internet. Using Private Link you can connect to an Azure Cosmos DB account from your virtual network via a private endpoint; moreover, you can limit access to your Azure Cosmos DB account over these private IP addresses. When combined with network security group (NSG) policies, it protects the data even more.