Azure in 2019: The Year in Review
As we move into 2020, it’s time to take a look back at the last year in Azure and review the new services, updates and announcements that we have seen over 2019.
As with last year, I’ve taken the data from the Azure Updates site and used this to analyse what’s been going on over the year. I am sure there have been updates and announcements happening that have not made it onto this feed, but this is the only data source that exists for tracking these things, so it’s the best metric we have currently.
Over 2019 we have seen 1050 announcements and updates published, which is 208 more than 2018. As expected, we see a significant spike in announcements in November, due to Ignite. However, an interesting data point is that we see more updates in April than we do in May when Build is occurring.
I tried to look at the areas of Azure where these updates took place, but unfortunately, a large number of entries on the update site did not have any keywords associated with them, which made this difficult. The chart below shows the breakdown of areas where they did have keywords set up.
By far, the most significant area of change was in the Azure portal. Whether this is just because that team are better at tagging their updates, or they did have a lot more updates, it is difficult to tell. But, based on this data alone, we can see that the most significant areas of change were around the portal, Azure DevOps and log analytics.
Now that we’ve seen the big picture let’s dive in and look at some of the highlights of the year.
2019 Highlights
There’s no way we can cover all 1050 updates, so I’ve picked out some areas I think are highlights for the year, either brand new services, or updates that add new functionality or solve significant issues. I’m sure I’ve missed some, so if there are areas you would like to highlight please add them in the comments.
Compute
Proximity Placement Groups - achieve co-location and low latency between your virtual machines
Azure Spot VMs - reduce your VM cost by bidding on unused capacity
Dedicated Hosts - dedicated hosts for your workloads that require consistent performance or isolation
Gen 2 Virtual Machines - supporting many new features such as increased memory, Intel SGX, UEFI BIOS and larger OS disks
Windows Virtual Desktop - VDI and App virtualisation as a service
Networking
Private Link - consume Azur PaaS service privately inside your virtual network, or publish your services to other virtual networks
Virtual WAN - bring together manager WAN services such as VPN and ExpressRoute into a single interface and virtual hub
Azure Firewall Manager - manage all your Azure Firewall instances in a single place
Express Route for Satellite - expanding the reach of Express Route to areas with limited connectivity
Azure Internet Analyzer - test application performance over the internet
Azure Peering Service - Enhance connectivity to Azure with optimized connectivity and monitoring from partner providers
Dual Stack IPv6 Support - bring your private IPv6 range to your virtual network
Storage
Change Feed Support for Blob - transaction logs of all changes in your blob account
Geo and Zone Redundant Storage - write data across multiple availability zones and replication to another region
Azure NetApp Files - use real NetApp storage devices as a PaaS service
Ephemeral OS Disks - storage for stateless workloads providing faster deployment and cost reduction
Storage Account Failover - user-controlled failover of storage accounts to another region
Wep Apps, APIM & Logic Apps
Azure Spring Cloud - host Java Spring applications in a PaaS service
Azure App Configuration - store and manage application settings centrally
No Cost App Service Certificates - free SSL certificates for Azure App Services
Self Hosted API Management Gateway - use APIM to expose your on-premises applications with low latency
Windows Server Container Support - use Windows containers to deploy to app services
Logic App Integrated Service Environment - inject a dedicated logic app environment into your virtual network
Serverless and Containers
Private AKS Clusters in Preview - lockdown an AKS cluster to be accessed only from your virtual network
Azure Functions 3.0 - the latest Azure Functions run time including the ability to target .net Core 3.1 and Node 12
Azure Container Registry Scoped Permissions - grant access to only specific repositories within and ACR registry
ACR OCI Support - store any OCI compliant artefact in ACR
Multiple node pool support for AKS - use different VM sizes and operating systems within your AKS cluster
PowerShell & Python Support in Azure Functions - first-class support for both languages in v2 functions
Azure Red Hat OpenShift - deploy OpenShift as a PaaS service managed by both Microsoft and Red Hat
Azure Functions Premium - offers more features such as configurable sizes, vNet integration and pre-warmed instances
Data Platform
Azure Synapse - brand new service evolving from SQL Data Warehouse to provide limitless analytics
Azure Data Share - easily share large data sources with any Azure user
Azure SQL Database Serverless - auto-scaling compute for Azure SQL
Reserved Capacity for MySQL, PostgreSQL, MariaDB - pay up front for reduced costs
Large Storage for MySQL, PostgreSQL - support for databases up to 16TB
Operations, Management & Governance
Azure Arc - manage resource on-premises and in other clouds from within Azure
Azure Policy for Certificates - manage certificates stored in Key Vault with Azure Policy
Azure Monitor Workbooks - use workbooks to analyse Azure Monitor data and find insights into performance, usage and availability
Azure Monitor Prometheus Integration - scrape Prometheus metrics straight into Log Analytics without the need for a Prometheus server
Azure Lighthouse - manage Azure customer subscriptions as if they were part of your tenant
Azure Policy for AKS - apply Azure policies to AKS clusters to control things like which registries can be used to pull images
AKS Virtual Node - use Azure Container Instances to provide on-demand capacity within AKS
ACR Content Trust Support - sign and store images with Docker Trust in ACR
Security
Container scanning with Azure Security Centre - scan container images for vulnerabilities
Threat Protection for AKS - monitoring of AKS clusters within Security Centre
Vulnerability Assessment in Security Centre - use Qualys vulnerability scanning as part of Security Centre standard
Custom Policies in Security Centre - create your custom policies within Security Centre
Azure Bastion - secure, managed bastion hosts for access to vNet based resource without public IPs
New Regions
Norway - Norway West and Norway East
Germany - Germany North and Germany West Central
Switzerland - Switzerland North and Switzerland West
Middle East - UAE Central, UAE North (Qatar North just announced)
South Africa - South Africa North, South Africa West
Wish List
2019 Wishes
Last year I made several wishes for what I wanted to see happen in 2019 let’s see how that worked out:
- Better monitoring story - this is a bit better, but there are still gaps in the monitoring story and too many ways to do the same thing
- AKS support for Windows - this is in preview currently, I suspect it will be in preview for a while, but we are on the way
- Expansion of the Virtual Node concept to provide a full PaaS offering for Kubernetes in Azure- virtual node was released and went GA, but we still need some VM nodes currently
- Continued expansion of Managed Identity so that we can use this anywhere we need to provide applications access to Azure services.- we saw some growth in this area, but it still needs some work, especially around AKS
- Expansion of the Azure Files AAD integration to no longer require the use of AAD DS- this was announced as a preview at Ignite
- On the subject of AAD DS, I would like to see it finally support the ability to deploy to multiple regions and multiple instances- no movement on this at all
- I’d like to see Azure Front Door implement the full range of OWASP rules currently supported by App Gateway- WAF for Front Door released
- Azure Firewall was a great new solution for 2018, but if you’re implementing many firewalls, it can be a pain to manage rules on each different instance. I would like to see a way to manage these rules centrally.- Azure Firewall Manager in preview
2020 Wishes
In addition to those wishes from 2019 that didn’t get there, here are a few more things I would like to see in 2020:
- Azure Arc expanding its ability to work with other clouds beyond just managing VM’s. I would love to see it being able to manage things like AWS Lambda or GCP App Engine
- Reducing the number of services that require dedicated subnets - nearly every service that can join a vNet requires it’s own subnet, this is a pain to manage. With the advent of private link, I hope this can go away
- Azure Policy for AKS to make it out of preview
- Repeating last years wish, to get rid of VM nodes in AKS altogether!
- To see a better deployment story for Azure Front Door - the service its self is excellent, but deploying it in production is painful
- Get parity between PowerShell, CLI and ARM - you should be able to create all Azure resources using any of these methods
- Key Vault Search - this is such a simple thing, but so annoying, I just want a search box in Key Vault in the portal so I can search for a specific secret
- Azure Blob Backup - we’ve seen the fist steps for this with the introdcution of a change feed, I hope this leads to introducting a full backup service in 2020
I’d love to hear what your wishes for the next year in Azure are; please add them in the comments.