Episode 341 - What are CSAs

by Cynthia Kreng August 5, 2020

Microsoft Senior Cloud Solutions Architect, Levi Romandine, shares his experiences working with Hi-tech customers in Silicon Valley. He explains the role of the CSA and talks about some of the challenges these customers encounter when moving to Azure.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode341.mp3

 

Other updates:

https://azure.microsoft.com/en-us/blog/creating-cloud-ready-environments-with-azure-landing-zones/

https://azure.microsoft.com/en-us/updates/azure-hdinsight-now-supports-virtual-network-service-endpoint-policies/

https://azure.microsoft.com/en-us/updates/nfs-30-support-for-azure-blob-storage-is-now-in-preview/

Keywords:

Filed Under: Podcast

Episode 340 - Messaging Services

by Sujit D'Mello July 28, 2020

Azure has a number of top-notch messaging services in Event Grid, Event Hubs, Service Bus, IoT Hub, Relay etc. It can be confusing at times as to which one is the right one for the job. Luckily for us we have the expert in the field, Principal Azure Architect Clemens Vasters, to help us sort through the various options. He gives is very clear guidance on which service should be used for various use-cases in this very insightful episode.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode340.mp3

 

Other updates:

Migrate to the cloud with confidence
https://azure.microsoft.com/en-us/blog/migrate-to-the-cloud-with-confidence/
MS Inspire!
https://myinspire.microsoft.com/

 

Keywords:

Filed Under: Podcast

Episode 339 - Durable Functions

by Sujit D'Mello July 25, 2020

Chris Gillum, an Engineering Manager in the Azure Serverless team, talks to us about the value of Durable Functions in serverless computing. He explains the underlying architecture of the Azure Serverless Architecture and how and why Durable Functions play a role in an application design. 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode339.mp3

Resources: https://docs.microsoft.com/en-us/azure/azure-functions/durable/

 

Other updates:

Azure Data Factory Managed Virtual Network
https://azure.microsoft.com/en-us/blog/azure-data-factory-managed-virtual-network/
Announcing the general availability of Azure shared disks and new Azure Disk Storage enhancements
https://azure.microsoft.com/en-us/blog/announcing-the-general-availability-of-azure-shared-disks-and-new-azure-disk-storage-enhancements/
AMD-based memory-optimized Azure virtual machines now available in more regions
https://azure.microsoft.com/en-us/blog/amd-based-memory-optimized-azure-virtual-machines-now-available-in-more-regions/

Introducing the Microsoft Azure Well-Architected Framework
https://azure.microsoft.com/en-us/blog/introducing-the-microsoft-azure-wellarchitected-framework/

 

 

Keywords:

Filed Under: Podcast

Episode 338 - ADLS Gen 1 to Gen 2

by Evan Basalik July 20, 2020

Principal PM in the Azure PG, Rukmani Gopalan joins us on the continuing discussion on ADLS. This time we focus on migration from Gen 1 to Gen 2. Rukmani gives us the background behind the two services and how and why you should migrate.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode338.mp3

Here are some resources that help you learn more about ADLS Gen1 to ADLS Gen2 migrations.

Plan your data lake migration from ADLS Gen1 to ADLS Gen2

ADLS Gen1 to ADLS Gen2 migrations – samples with step by step instructions

 

Other updates:

Revocation of non-compliant Certificate Authorities potentially impacting customer’s Azure service(s).
Published date: July 15, 2020
Certificate Authority (CA) Browser members recently published reports detailing multiple certificates issued by CA vendors that are used by Microsoft customers, as well as the greater technology community, that were out of compliance with industry standards for publicly trusted CAs. The reports regarding the non-compliant CAs can be found here: 
1. Bug 1649951
2. Bug 1650910
As per standard compliance requirements, CA vendors began revoking non-compliant CAs and issuing compliant CAs which require customers to re-issue their certificates. Microsoft is partnering closely with these vendors to minimize the potential impact to Azure Services, however self-issued certificates or certificates used in “Bring Your Own Certificate” (BYOC) scenarios are still at risk of being unexpectedly revoked. 

From <https://azure.microsoft.com/en-us/updates/certificateauthorityrevocation/>


Azure Partner Zone brings new resources and special events for Partners
https://azure.microsoft.com/en-us/blog/azure-partner-zone-brings-new-resources-and-special-events-for-partners/
Azure Monitor for SAP Solutions is now in preview
https://azure.microsoft.com/en-us/blog/azure-monitor-for-sap-solutions-is-now-in-preview/
Azure Maps Power BI visual now in preview
https://azure.microsoft.com/en-us/blog/azure-maps-power-bi-visual-now-in-preview/

Powerful Devs Conference
https://powerfuldevsconf.splashthat.com/

Keywords:

Filed Under: Podcast

Episode 337 - Azure Data Lake Storage - Multi-Protocol Access

by Cynthia Kreng July 10, 2020

The team is joined by Stephen Wu from ADLS to talk about how the ADLS Gen 2 team is working to simplify the Storage conversation for Azure customers by driving for feature parity with Blob Storage.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode337.mp3

Resources: https://azure.microsoft.com/en-us/updates/static-website-for-azure-data-lake-storage-now-in-public-preview/

 

Other updates:

Azure Monitor for Key Vault is now in preview
Published date: June 24, 2020
Get comprehensive monitoring of your key vaults along with a unified view of your Azure Key Vault performance, requests, failures, and latency by using Azure Monitor for Key Vault (in preview).
Built on the Azure Monitor Workbooks platform, Key Vault insights offers:
• At-scale perspective displaying a snapshot view of performance based on the requests, breakdown of failures, and an overview of the operations and latency.
• Drill-down analysis of a particular key vault to perform detailed analysis.
• The ability to customize—Change which metrics you want to see, modify or set thresholds that align with your limits, and save your own workbook.
• The ability to pin charts in the workbook to Azure dashboards.
• Integration with Azure Monitor Logs for additional data on your Azure Key Vault activity.

From <https://azure.microsoft.com/en-us/updates/kvi/>


https://azure.microsoft.com/en-us/updates/azure-cli-june-2020-update/
  ->23 new services including Synapse, Peering, Databricks

 

Azure Storage 200 TB block blob size is now in preview
Published date: June 30, 2020
Azure Blob storage provides massively scalable object storage for workloads including application data, HPC, backup, and high-scale workloads. We’ve increased the maximum size of a single blob from 5 TB to 200 TB, now available in preview.
The increase in blob size better supports use cases from seismic data processing to genomics that require support for multiple object sizes.
To support the 200 TB blob size, we’re increasing the maximum allowable block size from 100 MB to 4,000 MB and maintaining support for up to 50,000 blocks in a single blob. The 200 TB blob size is available for preview in all Azure public regions with hot, cool, and premium tiers. There are no billing changes. 

From <https://azure.microsoft.com/en-us/updates/azure-storage-200-tb-block-blob-size-is-now-in-preview/>

 

Azure AI: Build mission-critical AI apps with new Cognitive Services capabilities
https://azure.microsoft.com/en-us/blog/azure-ai-build-missioncritical-ai-apps-with-new-cognitive-services-capabilities/

Reimagining virtual collaboration for the future of work and learning
https://www.microsoft.com/en-us/microsoft-365/blog/2020/07/08/reimagining-virtual-collaboration-future-work-learning

Easily add voice commands to your apps with Custom Commands
https://techcommunity.microsoft.com/t5/azure-ai/easily-add-voice-commands-to-your-apps-with-custom-commands/ba-p/1503443
Form recognizer GA
https://azure.microsoft.com/en-us/services/cognitive-services/form-recognizer/

Azure LB insights using azure monitor for networks
https://azure.microsoft.com/en-us/updates/introducing-azure-load-balancer-insights-using-azure-monitor-for-networks/

Azure firewall manager GA
https://azure.microsoft.com/en-us/updates/azure-firewall-manager-is-now-generally-available/

 

Keywords:

Filed Under: Podcast

Episode 336 - Microsoft Q&A

by Evan Basalik June 28, 2020

Ryan Hill, a Software Engineer in the Azure CXP group, shares details of the new Microsoft Q&A website which serves as a one-stop for getting questions answered around Azure and other Microsoft technologies.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode336.mp3

Resources:

Supported services in QnA: https://docs.microsoft.com/en-us/answers/products/#supported-products

How to write quality question: https://docs.microsoft.com/en-us/answers/articles/24951/how-to-write-a-quality-question.html

Job postings: https://careers.microsoft.com/us/en/search-results?keywords=%23MicrosoftATL

 

Other updates:

Azure Storage account failover is now generally available
Published date: June 17, 2020
Customer-initiated Storage account failover is now generally available, allowing you to determine when to initiate a failover instead of waiting for Microsoft to do so. When you perform a failover, the secondary replica of the Storage account becomes the new primary, and the DNS records for all Storage service endpoints—blob, file, queue, and table—are updated to point to this new primary. Once the failover is complete, clients will automatically begin reading from the Storage account and writing data to it in the new primary region, with no code changes.
Customer initiated failover is available for GRS, RA-GRS, GZRS, and RA-GZRS accounts. To learn more, read the documentation.

From <https://azure.microsoft.com/en-us/updates/azure-storage-account-failover-ga/>

Azure Container Registry: Securing container workflows
https://azure.microsoft.com/en-us/blog/azure-container-registry-securing-container-workflows/
Simplifying declarative deployments in Azure
https://azure.microsoft.com/en-us/blog/simplifying-declarative-deployments-in-azure/

 

Keywords:

Filed Under: Podcast

Episode 335 - Azure Data Explorer

by Sujit D'Mello June 18, 2020

LaBrina Loving, a Cloud Architect and Software Engineer in the Commercial Software Engineering division at Microsoft, shares her recent passion with the Data Explorer service. Using a couple of real-world use-cases, she explains the rational behind the service and how developers can utilize it for a wide variety of data processing needs.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode335.mp3

Resources:

Azure Data Explorer Overview - https://docs.microsoft.com/en-us/azure/data-explorer/data-explorer-overview

Azure Data Explorer Ingestion - https://docs.microsoft.com/en-us/azure/data-explorer/ingest-data-overview
Getting started with KQL Queries - https://docs.microsoft.com/en-us/azure/data-explorer/write-queries

SQL to KQL Cheatsheet - https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/sqlcheatsheet

 

Other updates:

Azure Quota REST APIs to manage service limits (quota) are now available in preview

https://azure.microsoft.com/en-us/updates/azure-quota-rest-api-to-manage-service-limits-quota-are-now-available-in-preview/

Introducing live video analytics from Azure Media Services—now in preview
https://azure.microsoft.com/en-us/blog/introducing-live-video-analytics-on-iot-edge-now-in-preview/
Town of Cary innovates flood prediction with IoT
https://azure.microsoft.com/en-us/blog/town-of-cary-innovates-flood-prediction-with-iot/
Advancing Microsoft Teams on Azure—operating at pandemic scale
https://azure.microsoft.com/en-us/blog/advancing-microsoft-teams-on-azure-operating-at-pandemic-scale/

Azure responds to COVID-19
https://azure.microsoft.com/en-us/blog/azure-responds-to-covid19/

 

 

Keywords:

Filed Under: Podcast

Episode 334 - Windows Containers in AKS

by Kendall Roden June 12, 2020

Mikkel Hegnhoj, a Principal PM in the AKS team, shares the details about running Windows Containers in AKS, which is now GA. He gives us guidance on how to design an AKS cluster than run Windows workloads and advice on how to go about migrating our applications to this platform.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode334.mp3

Resources:

https://docs.microsoft.com/en-us/azure/aks/windows-container-cli

 

Other updates:

Azure Cosmos DB Java SDK 4.0 for Core (SQL) API release now in general availability
Published date: June 10, 2020
Azure Cosmos DB Java SDK for Core (SQL) API enables interaction with Azure Cosmos DB from Java applications. This latest SDK version 4.0 allows sending requests to Azure Cosmos DB via the recommended Core (SQL) API. The release of Azure Cosmos DB Java SDK 4.0 for Core (SQL) API includes improvements to performance, bundles Sync and Async APIs, and incorporates Paged Flux APIs. It also has built-in support for autoscale containers and analytical containers, and supports DISTINCT queries.

From <https://azure.microsoft.com/en-us/updates/azure-cosmos-db-java-sdk-40-for-core-sql-api-release-now-in-general-availability/>

 

Azure Policy support for Azure Cosmos DB is now available
Published date: June 10, 2020
Azure Cosmos DB resource governance can now be implemented with Azure Policy. Use this capability to create Azure Policy assignments based on built-in or custom policy definitions to enforce rules and effects on Azure Cosmos DB resources.
Example policy assignments include—requiring features such as Advanced Threat Protection to be enabled on Azure Cosmos DB accounts; auditing Azure Cosmos DB resources for compliance with organizational standards on throughput or other properties; or securing data by enforcing network access safeguards such as IP filter rules, virtual network endpoints, or limiting the amount of throughput (RU/s) that can be provisioned.

From <https://azure.microsoft.com/en-us/updates/azure-policy-support-for-azure-cosmos-db-is-now-available/>


Azure Kubernetes Service—Integrated application gateway feature now available
Published date: June 10, 2020
The Application Gateway ingress controller (AGIC) is now available in  preview as an add-on in Azure Kubernetes Service (AKS). Use it to easily create or attach an existing Application Gateway instance to your AKS clusters.  Use the standard Kubernetes ingress API to define your routing rules, then implement those rules using the managed Application Gateway service. Application Gateway is a scalable, reliable, and secure L7 load balancer. By using Application Gateway as the entry point to the AKS applications you won’t have to self-manage a networking tool like Nginx.

From <https://azure.microsoft.com/en-us/updates/azure-kubernetes-service-integrated-application-gateway-feature-now-available/>

 

Azure Kubernetes Service upgrade improvements are now in preview
Published date: June 10, 2020
Upgrading is a common operation required for all Kubernetes workloads. Two new Azure Kubernetes Service (AKS) upgrade capabilities that will improve the granularity and efficiency of regular Kubernetes upgrade operations are now in preview.
• Node image upgrade enables you to update node-level components such as the container runtime or OS updates without going through a full Kubernetes upgrade. Use this capability to initiate a targeted upgrade to agent nodes for a given node pool to pull the latest available node updates and patches without requiring a full cluster upgrade.
• Max surge enables faster upgrades by taking advantage of multiple new buffer nodes to concurrently replace older nodes. Instead of replacing a single node at a time, you can now customize your own max surge value per node pool to define how many concurrent replacements occur.

From <https://azure.microsoft.com/en-us/updates/azure-kubernetes-service-upgrade-improvements-are-now-in-preview/>


Plan ahead! Starting June 15, 2020, the Windows Virtual Desktop service will reject connections from unsupported clients and unsupported versions of supported clients.
 
Make sure your users are using the following versions or newer of each client.
 · Windows Desktop Client (MSRDC): 1.2.247
 · Android: 10.0.6
 · macOS: 10.3.9.1767
 · iOS: 10.1.0
 
Unsupported clients that will be blocked starting June 15th:
 · Remote Desktop Connection (MSTSC)
 · RemoteApp and Desktop Connections (RADC)

 

ION – Booting up the network
https://techcommunity.microsoft.com/t5/identity-standards-blog/ion-booting-up-the-network/ba-p/1441552

Azure Spring Cloud updates

https://azure.microsoft.com/en-us/updates/azure-spring-cloud-updates/

 

Keywords: ,

Filed Under: Podcast

Episode 333 - TLS 1.0 Deprecation

by Evan Basalik June 8, 2020

Candace Jackson, a Senior PM in the Azure Security team, give us an update on the effort to remove the use of TLS 1.0 from applications in Azure.

 

Media file:

 https://azpodcast.blob.core.windows.net/episodes/Episode333.mp3

Resources:

links:
https://www.microsoft.com/en-us/download/details.aspx?id=55266
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls


Connection logging - This help identify what cipher suites and protocols are negotiated during a successful handshake

IIS
https://cloudblogs.microsoft.com/microsoftsecure/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/

Nginx
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables
https://serverfault.com/questions/620123/how-can-i-let-nginx-log-the-used-ssl-tls-protocol-and-ciphersuite

Apache -
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#envvars
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#logformats

 Some resource specific documenation that shows how to configure protocol and cipher suite usage
https://docs.microsoft.com/en-us/azure/app-service/environment/app-service-app-service-environment-custom-settings#disable-tls-10-and-tls-11
Blog: https://blogs.msdn.microsoft.com/appserviceteam/2018/04/17/app-service-and-functions-hosted-apps-can-now-update-tls-versions/
https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-tls-1112
https://docs.microsoft.com/en-us/azure/cloud-services/applications-dont-support-tls-1-2

 

Other updates:

Live Video Analytics now in public preview
Updated: June 01, 2020
Live Video Analytics (LVA) on IoT Edge is now in public preview. It is a platform to capture, record, and analyze live video and publish the results (video and/or video analytics), for you to build intelligent video applications. You can use LVA for a number of use cases across industries such as retail, healthcare, and transportation. You can bring any custom AI by plugging in video analysis edge modules, whether they are Cognitive Services containers, custom edge modules built with open source machine learning models, or custom models trained with a customer’s own data. You can also combine video analysis with other business data to make smarter business decisions.
LVA integrates with a number of Azure services (in the cloud and/or the edge), such as Stream Analytics on IoT Edge, Cognitive Services on IoT Edge, Media Services, Event Hub, and Cognitive Services.

From <https://azure.microsoft.com/en-us/updates/live-video-analytics-now-in-public-preview/>

 

 
 
 NOW AVAILABLE
CNI security vulnerability in older AKS clusters and mitigation steps
Updated: June 01, 2020
A security vulnerability has been identified in the container networking implementation (CNI) in CNI plugin versions v0.8.6 and older that may affect older AKS clusters.
Details
An AKS cluster configured to use an affected container networking implementation is susceptible to man-in-the-middle (MitM) attacks. By sending “rogue” router advertisements, a malicious container can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker-controlled container. Even if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA (IPv6) records, many HTTP libraries will try to connect via IPv6 first then fallback to IPv4, giving an opportunity to the attacker to respond.
This vulnerability has been given an initial severity of Medium with a score of 6.0.
Vulnerability analysis and verification
All AKS clusters created or upgraded with a Node Image Version later or equal than “2019.04.24” are not vulnerable, as they set net.ipv6.conf.all.accept_ra to 0 and enforce TLS with proper certificate validation.
Clusters created or last upgraded before that date are susceptible to this vulnerability.
You can verify if your current Node Image is vulnerable by running: https://aka.ms/aks/MitM-check-20200601  on a machine that has CLI access to the cluster’s nodes.
Windows nodes are not affected by this vulnerability.

From <https://azure.microsoft.com/en-us/updates/cni-security-vulnerability-in-older-aks-clusters-and-mitigation-steps/>

From //build 2020 - Azure SQL Edge (preview)
https://azure.microsoft.com/en-us/services/sql-edge/


Deploy to Azure using GitHub Actions from your favorite tools
https://azure.microsoft.com/en-us/blog/deploy-to-azure-using-github-actions-from-your-favorite-tools/

 

Keywords:

Filed Under: Podcast

Episode 332 - Azure Edge Zones

by Evan Basalik June 2, 2020

Ganesh Srinivasan, a Principal PM Manager in the Azure Networking team, talks to the crew about the possibilities and scenarios when placing compute as close to the edge as possible.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode332.mp3

Transcript:

Resources: https://docs.microsoft.com/en-us/azure/networking/edge-zones-overview

 

Other updates:

Service Bus Explorer on the Azure portal is now available in preview
Updated: May 26, 2020
The Service Bus Explorer tool on the Azure portal is now available in preview.
Azure Service Bus, like most other PaaS offerings, has two sets of operations that can be performed against it:
• Management operations like CRUD (create, read, update, and delete) on Service Bus namespaces, queues, topics, subscriptions, and filters.
• Data operations like send, receive, and peek on queues, topics, and subscriptions.
While management operations have always been available via the portal, our customers have used tools such as the community managed Service Bus Explorer OSS tool for the data operations. In a quest to reduce dependence on different tools needed to provision, manage, and test the Service Bus namespace, we've built support for the data operations functionality right into the portal.
To access this tool, select the namespace and the specific queue or topic within that namespace you'd like to send and receive messages from. Once there, select Service Bus Explorer (preview) from the left menu navigation pane.

From <https://azure.microsoft.com/en-us/updates/sesrvice-bus-explorer/>

Azure Backup now provides protection against accidental deletion of Azure file shares
Updated: May 27, 2020
To provide protection against cyberattacks or accidental deletion, Azure Backup has added one more level of security to the Azure file shares snapshot management solution by providing protection against the accidental or malicious deletion of backed-up file shares. Now, even if a malicious actor deletes the file share, the file share’s contents and recovery points (snapshots) are retained for a configurable retention period, allowing the successful and complete recovery of source contents and snapshots with no data loss.
When you configure protection for a file share, Azure Backup enables the soft delete feature on a storage account level with a retention period of 14 days. You can also reset the retention period setting as per your requirement. This setting determines the time window you’ll have to recover your file share contents and snapshots after any accidental delete operation. The recovery points are preserved during this duration and once you undelete the file share, backups start running successfully with no additional configuration needed.

From <https://azure.microsoft.com/en-us/updates/azure-backup-now-provides-protection-against-accidental-deletion-of-azure-file-shares/>


Streamlining your image building process with Azure Image Builder

From <https://azure.microsoft.com/en-us/blog/streamlining-your-image-building-process-with-azure-image-builder/>


Azure Maps Creator now available in preview
https://azure.microsoft.com/en-us/blog/azure-maps-creator-now-available-in-preview/

Microsoft and Docker collaborate on new ways to deploy containers on Azure
https://azure.microsoft.com/en-us/blog/microsoft-and-docker-collaborate-on-new-ways-to-deploy-containers-on-azure/

 

Keywords:

Filed Under: Podcast

Announcements

Now on Spotify! Simply search for Azure Podcast and you will find it (may need to scroll down a bit). 

Podcast Clients

You can find us on iTunes, XBOX Music, Windows Phone podcast app and in most Podcast clients on Android. Or simply use the RSS feed link above and plug it into your Podcast client.

 

Flyer

Love this podcast? Use this flyer to socialize it with your community.

Calendar

<<  October 2020  >>
MoTuWeThFrSaSu
2829301234
567891011
12131415161718
19202122232425
2627282930311
2345678

View posts in large calendar

Tag cloud