Day 2 of Build 2020 kicked off on 20th May as a virtual event. The second day of the event covered tons of updates and announcements around Azure.
The following are some of the key developments.
Azure Arc enabled Kubernetes clusters now in public preview
Microsoft released the public preview for Azure Arc enabled Kubernetes. This includes the OpenShift offering, across their data centers, multi-cloud, and Azure Stack Hub.
Azure Arc extends Azure Resource Manager capabilities to Linux and Windows servers, as well as Kubernetes clusters on any infrastructure across on-premises, multi-cloud, and edge. With Azure Arc, customers can also run Azure data services anywhere, realizing the benefits of cloud innovation, including always up-to-date data capabilities, deployment in seconds (rather than hours), and dynamic scalability on any infrastructure.
Azure Container Registry diagnostic logs and support for Azure Private Link and firewall generally available
Azure Container Registry uses Azure Monitor to collect resource logs in order to:
- Audit registry authentication events to ensure security and compliance
- Provide a complete activity trail on registry artifacts, such as push and pull events.
The following events are recorded in the diagnostic logs:
- Push Events
- Pull Events
- Untag Events
- Delete Events
Azure Private Link enhances the security of access to Azure Container Registry by assigning it a private IP and routing traffic within a customer-defined network. This allows customers to control any ingress and egress traffic.
Azure Key Vault service enhancements
Azure Key Vault is a service for secrets management, certificate management and encryption key management. Azure Key Vault is backed by FIPS-validated hardware security modules (HSMs).
- Increased security with Private Link
  - Key Vault can be accessed through a private endpoint in the virtual network. Traffic to Key Vault flows over the Microsoft backbone network, which provides enhanced assurance.
- Additional choices for BYOK (Bring Your Own Key)
  - Customers who create keys outside Azure Key Vault and import them into Azure can use additional HSMs (Hardware Security Modules), such as SafeNet Luna HSMs or Fortanix SDKMS (preview), to store the keys.
- Key rotation made easier
  - Notifications are raised for keys, secrets, and certificates when their lifecycle is coming to an end, so customers can take action based on those notifications.
Azure Monitor Enhancements
Azure Monitor provides end to end observability for applications and infrastructure in a hybrid environment. Azure Monitor can be used to monitor on-premises workloads. Azure Monitor provides out of the box telemetry and rich insights that can easily be configured and managed at scale.
- Preview of Azure Monitor Application Insights on Azure Monitor Logs workspaces.
- General availability of Azure Monitor for Azure Storage and Azure Monitor for Azure Cosmos DB.
- Preview of Azure Monitor for Azure Key Vault and Azure Monitor for Redis Cache
- Capacity reservation and CMK encryption with dedicated Azure Monitor Logs clusters for large-scale deployments.
Azure Active Directory support in Azure Database for MySQL & PostgreSQL
Azure Active Directory support for MySQL and PostgreSQL is now generally available. This helps administrators sign in to databases securely using Active Directory credentials and manage credentials in a central place. For consistent role management, database access can be managed using Active Directory groups as well as Active Directory applications.
A few benefits of using AAD authentication:
- Authentication of users across Azure Services in a uniform way
- Management of password policies and password rotation in a single place
- Multiple forms of authentication supported by Azure Active Directory, which can eliminate the need to store passwords
- Customers can manage database permissions using external (Azure AD) groups.
Azure Security Center new capabilities
Azure Security Center (ASC) provides enhanced security for Azure workloads and works as an infrastructure security management system. ASC increases the security posture of customers' data centers and provides advanced threat protection. ASC works across any cloud provider and on-premises as well.
New announcements for Azure Security Center:
- Virtual machine vulnerability assessment is now generally available
- Alert suppression rules (in preview)
- Changes to just-in-time (JIT) virtual machine (VM) access
- Custom recommendations have been moved to a separate security control
- Toggle added to view recommendations in controls or as a flat list
- Expanded security control "Implement security best practices"
- Custom policies with custom metadata are now generally available
Azure NetApp Files - New Certification, increased SLA, expanded regional availability
Azure NetApp Files is a storage service that NetApp provides in partnership with Azure. Azure NetApp Files provides enterprise-class, high-performance, metered file storage for customers who require the same storage performance as on-premises. Azure NetApp Files supports any workload type, such as SAP, Oracle, and Kubernetes.
- Azure NetApp Files SLA has increased to 99.99%
- NetApp Files is now HIPAA and FedRAMP certified
- Azure NetApp Files is now generally available in Japan East and Canada Central (the full list of regional availability)
That concludes this post on what's new in Azure from #Build2020. For similar content, keep watching this space for more updates.
Microsoft Azure MVP