Azure Compute: New Features & Roadmap

Speaker: Corey Sanders, Director of Compute, Azure, Microsoft

Lots of stuff that hasn’t been talked about yet.

Compute Through The Ages

Some old PCs, a rack, a video of Monkey Boy doing developers developers developers, tablets, the cloud, and an alien (Quantum Computing).

Digital Transformation

Drink!

  • Engage customers
  • Transform products
  • Empower employees
  • Optimize operations

What’s Important to You?

  • Security
  • Availability
  • Cost savings
  • Automation
  • Infrastructure – sounds like a dev audience based on the boos.
  • Application PaaS
  • Management

VM – Compute

  • ND (new) and NCv2 (next few weeks) have launched with P100 and P40 GPUs.
  • Partial Core Alternatives for SQL/Oracle. You can reduce the number of cores that you can see/use in large VMs to get the other features of that VM, e.g. lots of RAM.
  • B-Series burstable VMs with a baseline low CPU capacity. Earn credits by using under the baseline, and burn those credits by getting more CPU capacity.
  • SAP system has 20 TB of RAM, 960 CPUs, 60 TB multi-node, bare-metal performance because these are bare metal machines.

VM Scale Sets

Up to 1000 VMs in a single manageable unit. Adding auto-OS update by the end of the year. IPv6 load balancer support. Zone redundant VMSS (availability zone automation).

Managed Disks

Abstract away the underlying storage. Data always encrypted at rest. Coming:

  • Incremental snapshots
  • Larger disk sizes
  • Cross-subscription/region sharing
  • Private repository

Security

  • Unified visibility and control
  • Adaptive threat detection
  • Intelligent threat detection and response
  • Investigation into security risks

Announcements:

Missed all this because of speaker speed.

Demo:

An alert of a suspicious process being executed. We can run a playbook from a list. They’re logic apps under the covers. The playbook designer looks like Office Flow. Example shows message being posted in Teams and a ticket being posted in ServiceNow in the event of a high priority alert. He shows that he could post a message in Slack.

Announcements

Confidential computing which uses Intel silicon to run bits of processes with secure data. This is built on WS2016 Hyper-V technology. This should be small bits of code because you cannot debug it because it’s … secure.

Governance and Management

Lock down who/what/when.

New policy management is announced this week. JSON policy is a lot easier now. Cloudyn is free in Azure.

  • Azure Policy Center
  • Management groups
  • Managed Apps GA
  • Update and Configuration Management

Azure Policy Center

Policy Center is in the Azure Portal, under Policy – Compliance. You can do things like “Deny Hybrid Use Benefit” or control VM extensions, control managed disk usage, restrict image creation, etc.

Sample JSON policies are shared on GitHub.

Management Groups

Organizational alignment for Azure subscriptions. Targeted resource policy, access control and budgets. Compliance, security, and reporting by team.

Update, Configuration, And Change Tracking

Windows and Linux, Azure and non-Azure.

Collect and search inventory. Track changes to each system. Autocorrect configuration.

Schedule patching and check compliance.

Application Service Catalog GA

Turnkey for managed workloads. Sealed for simplified usage. Managed by central IT.

Availability

Different tiers: single VM, availability sets, availability zones, and DR.

Availability Zones

PowerShell in the Cloud Shell

Azure Automation with Python.

Availability Zones

Physically separated unlike fault domains. Still in a single region. A zone is one or more data centres. Redundant power, network, and cooling. Reduce single points of failure in the platform. At GA, will offer 99.99% SLA over the 99.95% SLA with availability sets, or 99.9% SLA on single VMs with Premium-only storage.

And then there is DR, to give you replication of VMs using Azure Site Recovery to another region.

Cosmos DB, MySQL/SQL/PostgreSQL, Blob storage, and VMs all have inter-region DR solutions.

Backup and DR

Backup in a single click with VMs. DR with Azure-to-Azure Site Recovery. Recovery Plans, with Automation, offer single-click orchestrated failover.

Maintenance

Currently it typically takes under 30 seconds to do maintenance on hosts in Azure – warm reboot of Hyper-V called in-place migration. They actually replace the entire host OS during patching!

On-demand maintenance. 2-4 week notice window. You can do the reboot on your own schedule. Full reboot updates only. Demo.

A notice appears (also email) to say a VM will be rebooted for host maintenance. You can click Start Maintenance, to move (reboot) the VM to a host that is already updated. It’s in preview in West Central US.

Cost Savings

  • Track usage and cost trends (Cloudyn)
  • Detect spending anomalies
  • Allocate usage to business units
  • Reduce cost of services

Batch:

  • Reserved instances on the way.
  • B-Series VMs
  • Batch VMs – all sizes in all regions, and mix low and high priority VMs
  • Pre-emptible VMs with up to 80% fixed – for non-critical VMs where MS can take resources back from you.

Future: Serial Console

This is experimental at the moment. A Serial Console is connected to a VM (RHEL). This is an interactive console, not just the screenshot of Diagnostics today. He is logged into RHEL in the VM. He then runs a reboot and watches the entire process, which we wouldn’t have seen via SSH.

This is Linux focused, but they’re working with Windows to find a solution.

Containers & Microservices

Azure Container Instances (ACI) are on the same level as VMs in Azure. Service Fabric and Kubernetes sit above them in the management layer. Containers with Kubernetes are “managed containers”.

Announcing: ACI on Windows and ACI on Service Fabric.

40% of Service Fabric customers today are also deploying on-prem, and containers are the perfect compatible solution.

He does a demo to deploy IIS on Nano Server in an ACI (normal Windows container) with a public IP address.

Now a demo of ACI in Service Fabric. There’s a JSON file that specifies the container spec. He’s using a tool called Service Fabric Explorer. He deploys a Linux container in the Service Fabric.

Service Fabric GA for Linux

You can deploy Linux service plans. You can orchestrate on Linux or Windows. Run a million containers on a single cluster.

Azure Container Service for Kubernetes

You can provision Kubernetes very quickly and easily on Windows and Linux.

Some investments on tooling – an acquisition of a company that sounds like Deus.

Lots of partner solutions from the likes of Docker Enterprise to manage on-prem and in the cloud with one experience. Red Hat OpenShift to manage Kubernetes & RHEL ACI hosts. Pivotal is designed to lift and shift Java applications to containers – Azure, on-prem, and other clouds.

App Services and Serverless

This is a layer above Service Fabric and Kubernetes. We can do this cluster-less (App Services) and server-less (Functions) or Logic Apps.

Web Apps and Linux Containers are GA. You can integrate with Docker Hub and VSTS, and SSH into them.

Azure Event Grid

Treat events as first class objects. Things like Logic Apps and Functions start because of events. Many platforms don’t treat events as first class. As first-class, the events can go anywhere, e.g. from Azure Storage to AWS Lambda. Your apps can listen for events, e.g. WebHooks, Azure Automation, Logic Apps, Functions.

When an event happens, it goes into Event Grid. Then it can be directed to one of the above 4 services in Azure. From Logic Apps, you can integrate into lots of things like Twitter, Slack, SalesForce, etc, via Logic Apps’ ability to do workflows.

This is “event-driven computing”.
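
The WebHook end of the flow above, as an added example (not from the session and not Microsoft's code). It goes beyond the notes by showing the subscription validation handshake Event Grid performs before it delivers to a WebHook, plus a topic filter and duplicate suppression; the topic, storage account name and `on_blob_created` handler are placeholders assumed for illustration.

```python
import json

VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"
# Assumption: placeholder topic (resource ID) that this endpoint subscribed to.
ALLOWED_TOPIC = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
                 "example-rg/providers/Microsoft.Storage/storageAccounts/examplestore")
seen_ids = set()  # delivery is at-least-once, so the same event id can arrive twice

def on_blob_created(data):
    """Hypothetical handler: return the URL of the blob that was created."""
    return data.get("url")

HANDLERS = {"Microsoft.Storage.BlobCreated": on_blob_created}

def handle_delivery(body):
    """Process one webhook POST body; return (http_status, response_dict)."""
    try:
        events = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not JSON"}
    if not isinstance(events, list):
        return 400, {"error": "expected a JSON array of events"}
    results = []
    for event in events:
        if not (isinstance(event, dict) and isinstance(event.get("id"), str)
                and "eventType" in event):
            return 400, {"error": "malformed event"}
        data = event.get("data") if isinstance(event.get("data"), dict) else {}
        if event["eventType"] == VALIDATION_EVENT:
            # Handshake: echo the code so Event Grid activates the subscription.
            if "validationCode" not in data:
                return 400, {"error": "validation event without a code"}
            return 200, {"validationResponse": data["validationCode"]}
        result = None
        if str(event.get("topic", "")).lower() != ALLOWED_TOPIC.lower():
            status = "rejected-topic"  # sanity filter only, not sender authentication
        elif event["id"] in seen_ids:
            status = "duplicate"
        elif event["eventType"] not in HANDLERS:
            status = "ignored"
        else:
            seen_ids.add(event["id"])
            status, result = "handled", HANDLERS[event["eventType"]](data)
        results.append({"id": event["id"], "status": status, "result": result})
    return 200, {"results": results}

# Constructed sample deliveries (not captured traffic).
HANDSHAKE = json.dumps([{"id": "1", "eventType": VALIDATION_EVENT,
                         "data": {"validationCode": "constructed-code"}}])
BLOB = json.dumps([{"id": "2", "topic": ALLOWED_TOPIC, "eventType": "Microsoft.Storage.BlobCreated",
                    "data": {"url": "https://examplestore.blob.core.windows.net/c/f.txt"}}])
```

`handle_delivery` is transport-agnostic: call it from whatever HTTP framework fronts the endpoint and return its status and body to Event Grid.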

More Announcements

  • Cosmos DB Trigger
  • Microsoft Graph Bindings
  • macOS and Linux Local Development
  • App Insights GA
