Azure in 2018: The Year in Review
As we head towards the end of the year, I wanted to take a look back over all the Azure updates and announcements we have seen throughout this year and review some of the highlights.
Based on the data from the Azure Updates site, we have seen 842 updates and announcements throughout the last year. As you might expect we’ve seen the number of announcements increase month on month, up to the big announcement windows of Build and Ignite.
We can’t cover all 842 announcements here, so instead let’s take a look at some of the highlights of the year (at least from my perspective), and the areas you might want to look into if you’re not already aware of them. I am sure there are things I have missed or not highlighted; feel free to bring them up in the comments! I’m also only covering the main Infrastructure, PaaS and Serverless announcements here; areas such as big data and IoT are not something I’ve kept up with enough this year to be able to summarise.
2018 Announcements Highlights
Compute
- New VM Sizes - We saw a few new VM sizes added this year. Two new N series GPU machines (NDv2 and NVv2) as well as new HPC machines (HB and HC).
- Confidential Computing - 2018 saw an expansion of the preview for confidential compute, combining VM SKUs, security hardware and development APIs to make secure computing in Azure easier
- SSD Updates - We got two new SSD options for Azure VMs this year. First, we have Standard SSDs, offering a cheaper alternative to premium storage but with a lower SLA; these are now GA. Secondly, Ultra SSDs, with super fast performance at a pretty high cost, are in preview.
- Larger Managed Disks - As well as faster drives we also saw an increase in the sizes of managed disks, with disks now going up to 32TB.
- Low Priority VM Scale Sets - it is now possible to create VM scale sets using low priority VMs provided from spare capacity in Azure. These VMs are significantly cheaper but at risk of being removed during use if this capacity is needed.
- Serial Console GA - This had been in preview for a while, but the ability to access a serial console for your VM in the portal, to troubleshoot boot issues, is now GA. This works for both Linux and Windows.
- Shared Image Gallery - This year saw a preview of this service to be able to share custom images in the same way gallery images are shared.
Networking
- Accelerated Networking GA - This has been around in preview and limited machine SKUs for a while, but has now gone GA on a much wider range of machines. If your VM SKU supports this, there is no reason not to use it.
- Service Endpoints - These provide the long-awaited ability to lock down access to PaaS resources to specific virtual networks or on-premises networks. The initial release saw Storage and SQL support this service, but we have now seen it rolled out to Cosmos DB, KeyVault, Service Bus, Event Hubs and SQL Data Warehouse.
- Global vNet Peering - It’s been possible to peer vNets in the same region for a while, but this much-anticipated update allowed for peering across regions.
- Azure Firewall - It feels like this service has been missing for some time, so it was good to finally see the introduction of a stateful inbound and outbound firewall
- Virtual WAN - Alongside Azure Firewall we saw the introduction of virtual WAN, to use Microsoft’s backbone network to connect branch offices and remote locations.
- Front Door - This is a brand new service, but one that has been in use in Microsoft internally for some time. Front door provides local points of presence, SSL offloads, HTTP load balancing, security and other services for your global services.
- Application Gateway Updates - We saw new v2 SKUs for Application Gateway (and WAF) which provide significantly improved performance, including improved update times.
- Public IP Prefixes - If you need a contiguous range of Public IPs you can now get this through IP Prefixes.
Storage
- Storage Encryption with Customer Key - It’s now possible to encrypt your storage accounts using a key you’re managing rather than Microsoft.
- Azure Files Snapshots - Snapshots allow for taking a point-in-time backup of Azure Files shares that allows for restoring individual files or whole shares.
- Immutable Blob Storage - Write Once, Read Many storage using Azure Blob storage; this has been critical for many legal and regulatory requirements.
- Azure AD Auth for Blob and Queues - This preview enables using Azure AD credentials to authenticate to blob and queue storage rather than needing to use storage keys or SaS keys.
- Azure AD Auth for Azure Files - Similar to blob storage this allows for Azure AD auth to Azure files, but this feature requires the use of Azure AD Domain Services
- Larger & Faster Azure File Shares - Increase in size of shares up to 100TB and 10,000 IOPS/300 MB/s throughput
- Premium Azure File Shares - Further increases in throughput up to 100,000 IOPS and 5GB/s throughput
- New Azure Databox SKUs - If you need to import large volumes of data into Azure, the Azure Databox product adds new SKUs for larger imports (up to 1PB) and data transformation using Databox Edge and Gateway.
Serverless and Containers
- Azure Functions V2 GA - Functions V2 offers much better performance, more languages and better extensibility. We also saw improved developer experience and integration with things like application insights.
- Azure Event Grid GA - The event delivery platform went GA at the beginning of the year. As the year has gone on, we have seen more publishers and handlers added.
- AKS GA - We saw AKS go GA in the summer, to become the default offering for Kubernetes in Azure. Later in the year we saw the deprecation of ACS, which is being replaced by AKS.
- Service Fabric Mesh - This year saw a preview of the completely serverless version of Service Fabric, Mesh. This initial preview is reasonably limited but shows promise.
- Improvements in Azure Container Registry - There have been many improvements to ACR this year, including integration of Helm repos, ACR Tasks for container building, support for OCI image format, and content trust.
- AKS Virtual Nodes - Towards the end of the year we saw a preview of the ability to use virtual nodes in AKS to create an unlimited number of pods, utilising Azure Container Instances at the back end.
- Azure Container Instances Improvements - earlier in the year we saw ACI go GA, then later at Ignite we saw a preview of the ability to add (Linux only) ACI instances to your virtual network, a long-awaited feature.
- Improved Containers in Web Apps - We saw the ability to run containers in Web Apps improved with the ability to run multiple containers and a preview of Windows Container support
Databases
- Azure SQL Managed Instances - This service, providing the ability to run SQL instances fully compatible with on-prem SQL, is something that had been talked about for some time, but is now available in limited regions.
- GA for MySQL and PostgreSQL - The two most popular open source databases can now be run as native PaaS services in Azure
- Database Migration Service - This new service helps move from on-premises SQL into Azure SQL
- Elastic Database Jobs - The name may sound familiar, as the service has existed previously, but this has been replaced with an entirely cloud-based solution for running scheduled or on-demand jobs against your Azure SQL databases.
- Cosmos DB Multi-Master Support - This eagerly awaited feature adds elastic scale and geo-redundancy to writes as well as reads.
- Cosmos DB Affordability Changes - The addition of a smaller, cheaper SKU and the ability to share resource units across multiple collections makes Cosmos DB more affordable for smaller use cases.
Operations, Management & Governance
- Azure Alerts Update - We saw the new Azure Alerts experience, providing a solution integrated with the portal and able to be used across products (Log analytics, Azure Monitor, Service Health).
- OMS Portal Deprecation - With the final features of the OMS portal now being integrated into the Azure portal it was finally time to deprecate this old, tired looking portal.
- Unification of Monitoring - There has been a move this year to try and unify all the monitoring and operations services in Azure under the heading of Azure Monitor. How successful this will be I think we will find out this year
- Subscription Level Deployments - We saw the addition of the ability to deploy resources that exist at the subscription level using ARM templates, primarily Resource Groups and Policies.
- Azure Terraform Resource Provider - We also saw an interesting new feature added to ARM templates, the ability to use Terraform resources in our ARM template. This provider is limited to specific resources (Kubernetes, Cloudflare and DataDog at this point).
- Azure Blueprints - This new governance feature allows you to define a template for deploying new subscriptions, which automatically include pre-defined resources, configurations and policies.
- Azure Resource Graph - This new tool gives you an easy way to explore your Azure resources and understand more about your estate.
- Azure Management Groups - Management groups allow you to group your subscriptions and apply RBAC permissions and Policies at the resource group level.
Security
- Managed Identity - We saw the introduction of managed identity, allowing you to configure an identity for Azure resources to be able to communicate with other resources. This included both system assigned and user-assigned identities.
- Secure Score - Azure Security Centre now provides a single score to provide a visual indication of the security of your subscriptions
- Azure DDoS Standard - DDoS Standard provides additional protection above and beyond the basic protection offered to all Azure users.
- Security Centre Support for Custom Assessments - This update allowed for editing, disabling or creating new rules for OS hardening.
- Security Centre Support for App Service - Security Centre can now monitor and alert on security threats to your app service instances.
2019 Wish List
We’ve looked back at this year’s highlights, so let’s look forward now to 2019. I’m sure we will see lots of new products and improvements to existing ones. Here are some things that are on my wishlist to appear in 2019 (no NDA information here, just things I would like to see):
- Better monitoring story - there are still too many different products available for monitoring Azure services (Log Analytics, Azure Monitor, App Insights, Service Health etc.), too many overlaps between these services, and large gaps where things are not monitored well. I want to see 2019 be the year that this gets sorted out and we get a cohesive monitoring story
- AKS support for Windows - Obviously a lot of this is dependent on upstream Kubernetes, but hopefully, this is the year we see Windows support make it into AKS. This is vital to being able to modernise some legacy Windows apps at least partially
- Expansion of the Virtual Node concept to provide a full PaaS offering for Kubernetes in Azure. I don’t want to manage servers if I don’t have to!
- Continued expansion of Managed Identity, so we can use this anywhere we need to provide applications access to Azure services.
- Expansion of the Azure Files AAD integration to no longer require the use of AAD DS
- On the subject of AAD DS, I would like to see it finally support the ability to deploy to multiple regions and multiple instances
- I’d like to see Azure Front Door implement the full range of OWASP rules currently supported by App Gateway; this would then provide a great PaaS solution for protecting Azure Web Apps, where it is a pain to deploy App Gateway
- Azure Firewall was a great new solution for 2018, but if you’re implementing many firewalls, it can be a pain to manage rules on each different instance. I would like to see a way to manage these rules centrally.
I’m sure 2019 will bring lots of exciting new services and features, and probably lots of frustrations and issues as well, but that is the fun of working with the ever-evolving cloud. Here’s to a fun and exciting year, happy new year!
Image Attribution
Fireworks flickr photo by Lens_Flare shared under a Creative Commons (BY-NC) license