In this post, I will summarize what’s been going on in Azure IaaS in August, and I’ll also discuss a few features and services that you might have missed or forgotten about.
One of the topics that I have found myself talking to customers about lately is governance in Microsoft Azure. Azure offers a number of tools to help you with governance – control, auditing, and role-based access control:
- Management Groups: This feature, which reached general availability in August, allows you to create an inheritance hierarchy for grouping and organizing subscriptions in your tenant (linked to your Azure AD domain).
- Resource Groups & Resources: Everything you deploy is a resource and is deployed into a resource groups. Resource groups can be used to logically group resources, such as AppA in a resource group called AppA.
- Role-Based Access Control: Azure provides a set of roles and enables you to create custom roles that can be used to assign rights to groups of users within Azure. The concept is that you can give people just enough rights to get the job done. Permissions can be assigned, using these roles, to resources (ideally not), resource groups, subscriptions, and management groups.
- Azure Policy: You can create and deploy policies to control and restrict what is deployed, and how it is deployed/configured in Azure. Policies can be deployed to management groups, subscriptions, and resource groups.
- Activity Log: Everything that happens in Azure is logged in the Activity Log, such as a successful backup, creating a virtual machine, removing a database, or planned maintenance by Microsoft. You can create alerts to trigger action groups so you know when these things happen.
Microsoft introduced managed disks in February of 2017. The old method of deploying disks, a page blob in a storage account, was renamed to un-managed disks. Un-managed disks are the past, and are no longer developed or improved. You have always been convert the un-manged disks of single virtual machines and availability set virtual machines into managed disks using PowerShell.
Why would you want to upgrade to managed disks? Firstly, it’s because they are what Microsoft are developing. For example, the new Standard SSD tier of disk (low latency and smooth flow of data) will only be available as an un-managed disk. Secondly, it’s because they are easier to own and offer more functionality. Imagine that you deployed a machine with Premium SSD storage and your monitoring indicated that you always use less than 500 IOPS and latency isn’t a big issue. Those disks might be candidates to convert to Standard tier disks. I can do that with a few clicks in the Azure Portal if they are manged disks. If they are un-managed disks then life will be … interesting.
When I’m assisting customers or looking at consumption billing, I still see a massive number of un-managed disks, even in Resource Manager (ARM) deployments (a requirement for managed disks). I think that this has been because most people don’t read blogs or attend tech events/training, and never discover the new options.
As of this month, the conversion to managed disks can be done in the Azure Portal. A banner appears in the overview of virtual machines with un-managed disks, making it more discoverable for customers. Clicking the banner will lead the operator to a new Migrate To managed Disks blade which will orchestrate the process, requiring a shutdown, for you.
Other Announcements from Microsoft
Here are other Azure IaaS headlines from the past month:
- General availability of instance size flexibility for Azure Reserved Virtual Machine Instances
- Accelerate healthcare initiatives with Azure UK NHS blueprints
- Linux on Azure App Service Environment now generally available
- Announcing the public preview of Windows Container Support in Azure App Service
- New customizations in Azure Migrate to support your cloud migration
- Azure Site Recovery powers Veritas Backup Exec Instant Cloud Recovery for DR
- Announcing VNet service endpoints general availability for MySQL and PostgreSQL
- Migrate Windows Server 2008 to Azure with Azure Site Recovery
- Azure Block Blob Storage Backup
- Troubleshoot connectivity issues in a virtual network
- New log experience in the Azure portal
- Monitor all Azure Backup protected workloads using Log Analytics
- Azure Security Center update August 29
My Azure Posts on Petri
Here are my Azure posts from the month of August:
- How to Resize an Azure Virtual Machine
- Multiple Ways to Backup SQL Server in an Azure VM
- Azure File Sync is now Generally Available
- Azure File Sync Requirements
- How To Deploy Azure File Sync
- Restoring Files with Azure File Sync
- Backing Up Files with Azure File Sync
And Now for Something Different
Power BI – there’s a product that I thought I would never blog about. My employer, a CSP Indirect distributor that sells Microsoft (and other vendor’s) services through Microsoft partners, ran a Power BI course a few months ago and I sat in on it. I was hooked on it immediately. Using Power BI, you can take in data sources from many places such as SQL Server, Excel, Azure SQL, CSV, a table on a web page, Oracle, DB2, Sybase, SharePoint, and many more, and then visualize that data in easy to consume reports.
We struggle to understand what our resellers were doing with Microsoft Azure, how usage was growing, who was doing well, who was doing interesting things, and trying to understand micro-cost spends. Every month, my employer gets a huge reconciliation report from Microsoft for our resellers’ Azure usage. This report has a line-by-line summary and daily usage information for every resource in every Azure subscription. As you can imagine, this is not something you want to read.
Then I installed Power BI Desktop on my Surface Book and imported this CSV file, and generated a bunch of visual reports with tables, filters, pie and bar charts, and even AI-based analytics. In a matter of hours, our understanding of the business had evolved – if you can evolve from nothing. Every month, this data is ingested, and we can see who’s growing, who’s not, and we have a greater understanding of Azure usage.
Why am I not using Azure Cost Management? Many reasons:
- It’s based on RRP rates in US Dollars only.
- The old Cloudyn tool isn’t that useful in our Azure channel (Cloud Solution Provider or CSP)
- I find that the data in Cloudyn is pretty useless – that’s just my opinion!
If you have data that you’d like to understand then give Power BI a look. By the way, many Microsoft cloud services have content packs that are easy to connect and have built-in visualizations, such as Azure AD, Azure Activity Log, and Azure Backup.
Tagged with Activity Log, App Services, ASR, Auditing, Azure, Azure File Sync, Azure Migrate, Azure Policy, Azure Portal, Azure Site Recovery, Azure Virtual Machines, Backup, Backup Exec, BLOB, Cloudyn, Containers, Cost Management, Disaster Recovery, DR, Governance, IaaS, Infrastructure, linux, Managed Disks, Management Groups, Microsoft, MySQL, PostgresSQL, Power BI, RBAC, Reference Architectures, Reserved Instances, resize, Resource Groups, Role-Based Access Control, Service Endpoints, SQL Server, storage, Subnet, Veritas, virtual machine, Virtual Network, VM, W2008, Window Server 2008