Monthly Azure news – September 2020

What is new in September? white duck team is presenting you the most recent Azure updates important for this month. As there are constantly new collaborations and projects happening, you can also find some news about Docker and GitHub. Also, this month we got inspired my Microsoft Ignite and  the talks, demos, updates presented during this virtual event. For more details keep reading.

Durable Functions v2.3 is now available

The popular Azure Functions extension for defining stateful entites and workflows in a serverless environment has released version 2.3! This update introduces geo-redundancy features and long running timers and many more.

Full patch notes here.

Azure Pipelines discloses the general availability of scale-set agents

Build agents running on a scale-set are now availabe in Azure DevOps. Additionally new features were introduced to Azure Boards and Azure Test Plans:

Azure Boards

Azure Pipelines

Azure Test Plans

Working with CosmosClient in Azure Functions

Our MVP Martin Brandl released a new blog post about working with the Azure Cosmos DB.NET SDKv3 in Azure Functions. Since there is no input binding by default you have to become a little bit creative and Martin shows you how to get started making it work!

Azure introduces the support of Azure Private Link for Azure Data Factory. It is now possible to integrate the Data Factory service as a private endpoint in the customer’s Virtual Network simplifying the network architecture and security between endpoints since there’s no public data exposure anymore.

Azure Blob versioning is now generally available

Azure Storage has introduced Blob versioning. It is now possible to activate versioning for blobs which maintains previous versions of blob objects and identifies them with version ID’s. Besides listing all different versions of a blob you are now able to roll back to previous versions if needed.

This feature is free of charge and only the additionally needed space is charged.

Manage your Azure & Amazon Web Services (AWS) spending in a single location with Azure Cost Management + Billing

Azure Cost Management now offers a Billing connector for AWS so you can manage Azure and AWS costs from a single dash board.

GitHub now offers Container Registry

Now available as a public beta, GitHub Container Registry improves handling containers within GitHub Packages. The new capabilities introduced enable you can better enforce access policies, support usage of a standard base image, and promote innersourcing through easier sharing across the organization.

The Azure CLI experience now available in Desktop Stable

Docker and Microsoft made it easier to deploy containerized applications  from the Desktop to the cloud with Azure Container Instances (ACI). In June this year the first version of this as part of a Desktop Edge was released that allowed users to use existing Docker CLI commands straight against ACI. This enabled starting containers in the cloud simpler than ever before.

The Docker and ACI integration has shifted into Docker Desktop stable 2.3.0.5 providing all Desktop users with an access to the simplest way to get containers running in the cloud. In order to get started with the new Azure ACI experience, download Docker Desktop 2.3.0.5 and try out the experience yourself and check the link for more details.

Announcing Application Insights .NET SDK version 2.15

Application Insights SDK forms an integral part of Azure Monitor – it provides you with the ability to collect and send telemetry data across various application components to Azure Monitor. In this regard, the new release of the newest Application Insights .NET SDK version 2.15 has been announced. This release is directly in response to customer feedback and introduces a new set of features and bug fixes.

Now in preview – how to simplify your financial reporting with cost allocation

As Ben Shy worte in his blog post, it can be really demanding to manage your cloud costs. It is even more challenging if your need to reduce costs for internal chargeback, and when you employ shared services to reduce costs. In such cases are Azure Cost Management + Billing’s cost allocation preview for Enterprise Agreement (EA) and Microsoft Customer Agreement (MCA) accounts important. Cost allocation is the way how you divide and distribute costs throughout the organisation. Cost allocation is usually performed by identifying the shared services being used, pinpointing which business units or projects are utilizing those services, and determining how costs should be split across each. It is useful to know when cost allocation is useful for your organization – there are several cases that need to be taken into consideration:

  • Networking—Multiple virtual machines (VMs) are using the same network infrastructure. Currently central IT covers these network costs as overhead, but there’s a desire to reduce that overhead and allocate those costs back to the departments or applications using them, driving more accountability of the full costs they’re incurring with their respective solutions. With cost allocation you can distribute the costs back to the departments or applications.
  • Database and storage accounts—Over time, separate teams created different database servers or storage accounts for separate (and sometimes related) needs. In an effort to optimize costs, these were consolidated to a single server or account. Now, since usage is tracked and billed at a server or account level, you don’t have the same attribution by application. With cost allocation you can assign costs to each department, application, or end customer for the data they’re storing.
  • Inconsistent reporting—Managing costs for shared services isn’t a new problem. Some organizations built internal solutions or worked with partners to accomplish the goal. While this gives you the distribution of costs, you may see complaints about costs reported in the Azure portal not matching those within internal reports, which account for external cost allocation rules. This inconsistency can lead to unexpected costs within each team, additional internal support costs by central IT, and general frustration across the board. With cost allocation, everyone can have full transparency for the costs they’re responsible for, regardless of whether they’re incurred directly or indirectly, according to the author.

If any of these circumstances sound familiar, check how cost allocation can help you achieve your financial operations (FinOps) goals with no fuss. To read the complete Ben’s post click HERE.

Scalable security practice with Azure Lighthouse and Azure Sentinel

Microsoft announced the preview of the connector for Azure Cost Management + Billing in 2019. The advantage of the connector for Azure Cost Management + Billing is that it allows customers to analyze their Azure and AWS spend from a single pane of glass in the Azure Portal. According to Microsoft, this feature is now generally available. This new connector enables simplified handling of different cost models and numerous billing cycles so you can visualize and always track your spend across clouds.

Instructions for setting up the connector

Only few steps are required to complete setup:

  1. Setup and configure an AWS cost and usage report in the AWS portal.
  2. Create a role and policy in AWS, which provides Azure Cost Management with access as well as permissions proving organization API access and cost explorer API access.
  3. Set up the AWS connector in Azure Cost Management + Billing. For more details follow the link.

Azure Artifacts billing changes coming in October 2020

There are a few upcoming changes regarding the billing experience for all Azure Artifacts customers. Here are the most important differences:

  • First, there is one rather minor change – Previous features and documentation refer to artifact storage in gigabytes (GB), even though on the backend all values have always been calculated in gibibytes (GiB). There is no impact or change to your usage numbers, or amount billed.
  • Charging for packages only: Previously, all packages and symbols were counted in your Azure Artifacts billed cost. Microsoft will be deferring billing of symbols to a later time, and you will be billed for packages-only, starting immediately. This will include all packages (npm, NuGet, Python, Maven, and Universal Packages), including those stored from upstream sources.
  • Unified pricing model: you may remember seeing in-product and via email that organizations created prior to May 2019 will shift from per-subscription pricing to per-storage usage pricing. This switchover will be available from Nov 1st, 2020 and all customers from that point on will all be consolidated onto the same per-storage usage pricing model, and only charged for packages.
  • Automatic billing tier switchover – Previously, within the Organization Settings ==> Billing tab, you were able to choose from 6 different usage tiers for Azure Artifacts. It will be changed to only have two options, “Up to 2 GiB free” and “No limit, pay for what you use”.
  • Usage limits and blocking upon upload – after Oct 5th, 2020 will be important to observe the situation as you will be transitioned onto the “No limit” tier, it is possible that you will go over your previously set usage limit. If you are set to and over the free 2 GiB limit tier: You will be blocked from making additional uploads on packages, with the error message. Moreover, to unblock your workflows, you need to update your usage tier to “No limit, pay for what you use”.
  • For all the details check the link.

GA: Azure Kubernetes Service mutate default storage class feature

AKS offers now the use of different storage classes for individual workload scenarios. Those storage classes work similar to Azure Storage SKUs.

Visit the official Kubernetes documentation and Azure documentation to figure out how to utilize storage classes.

GA: Azure Kubernetes Service support for new base image Ubuntu 18.04

The Long Term Support Ubuntu 18.04 is now available for use as a Node Operating System for AKS. New Node pools on Kubernetes v1.18 or greater will default to Ubuntu 18.04. Previous Kubernetes versions will be updated to Ubuntu 18.04 when updating Kubernetes to v1.18 or greater.

Public preview: Azure role-based access control (RBAC) for Kubernetes authorization

Azure role-based access control (RBAC) is now available as identity provider and access control system for Kubernetes authorization. You can define how users should be authorized, for example when RBAC for AKS is enabled Azure AD users are validated by Azure RBAC while Kubernetes accounts are validated by Kubernetes RBAC.

GA: Policy add-on for Azure Kubernetes Service

Until now governance and compliance across Kubernetes resources could cause some trouble and headaches. To solve this Microsoft released a preview for Azure Policy add on for Azure Kubernetes Service (AKS). This works similar as Azure Policy for ARM templates but goes beyond the ARM level and is targeting Kubernetes resources.

Some use cases you could use Azure Policies for:

  • Audit and enforce capabilities inside AKS clusters on Kubernetes resources
  • Set policies on pods, namespaces, and ingress to conform to company compliance
  • Generate compliance audit reporting across multiple AKS clusters
  • View a green, yellow, red non-compliant report from Azure portal for quick scans.

To activate Azure Policy for AKS you have to enable and opt-in for this feature. This article HERE describes how it’s done.

Azure Resource Mover is now in public preview

Microsoft releases a new service for moving Azure resources between regions, called Azure Resource Mover, as public preview. It provides a single hub for all your moving needs across regions. It identifies dependencies between resources you want to move and due this reduces time and complexity of big moving tasks. Further you can use Azure Resource Mover for the testing of moving scenarios.

Following resource type are currently supported by Azure Resource Mover:

  • Azure VMs and associated disks
  • NICs
  • Availability sets
  • Azure virtual networks
  • Public IP addresses
  • Network security groups (NSGs)
  • Internal and public load balancers
  • Azure SQL databases and elastic pools

Learn more here.

Public preview: AKS start/stop cluster feature

It is now possible to start and stop AKS clusters! Until now you had to delete and redeploy a cluster and all workloads to save costs. This public preview feature keeps the cluster configuration in place and allows to restart them without reconfiguring the clusters. This feature is availabe as Azure CLI commands.

Read how to use them HERE.

Azure Cognitive Search – Managed identity support and Private Endpoints are GA

Azure Cognitive Search now supports outbound private endpoint connection in order to securely access data from such “locked in” data sources which are only accessible from specified virtual networks via indexers. Further Managed Identities are now supported providing Azure Cognitive Search with the ability to use AzureAD and RBAC mechanism instead of connection string credentials.

Blazor and C# APIs now supported in Azure Static Web Apps

Azure Static Web Apps are an Azure service that builds and deploys full stack web apps with integrated features such as custom domains, free SSL certificates, global content distribution, and authentication to Azure from a GitHub repository.

Static Web Apps overview

With the newest update Static Web Apps now support Blazor and C# APIs and Python.

Azure Arc enabled data services now in preview

A new service, Azure Arc, was announced and released as a preview which enables running Azure data services on-premises, edge and multi-cloud using Kubernetes. This enables cloud benefits like automation and elastic scaling and the use of Azure security and governance tools like RBAC, Policies and Azure Security Center.

Currently Azure Arc supports SQL Managed Instance and PostgreSQL Hyperscale with other service still to come over time.

Public preview: Azure Kubernetes Service support for Kubernetes 1.19

AKS now supports Kubernetes release 1.19 in public preview. Kubernetes release 1.19 includes several new features and enhancements such as support for TLS 1.3, Ingress and seccomp feature GA, and others.

Read the documentation and/or visit Github to learn what’s new.

Microsoft Ignite

It was a delightful experience to be able to follow all the recent news and updates on Azure, cloud, modern work and the future of businesses from the coziness of our homes. Microsoft has proven again that we can work on ourselves, strive for more and help our communities even in the challenging times. white duck team looks forward to further similar experiences and events!

Microsoft Ignite