Demystifying cloud economics

Migrating to the cloud is an evolution, and it's important to think differently about how you consume resources. As you're building a business case in your organization, it's critical to step back and understand the cloud's key constructs and transform your mindset. It starts by having a conversation about today versus tomorrow and what is possible in the cloud, as with this migration, you will get instant access to innovative technologies and several new options that do not exist on-premises.

Azure is here to help you start your cloud journey strong with key financial and technical guidance as well as best practices from customers who charted a successful cloud journey. With this intention, we recently launched a new initiative to help our customers understand and demystify cloud economics. We will provide a rich set of digital content highlighting key technical and financial tips from Azure experts and share lesser-known tips through this initiative. In this blog, we'll discuss a set of key considerations that will save you time, budget, and resources as you chart your cloud journey.

How does cloud pricing work?

Cloud billing is tied to compute and storage that includes the underlying software licensing fees. Costs accrue via a pay-for-what-you-consume model versus the up-front server infrastructure and software licensing costs that you would typically pay on-premises in your data center. If you run your workloads on-premises, you have a combination of upfront costs and operating expenditures. When shifting to the cloud, you largely shift to pay-as-you-consume-based models, which results in a largely operating expenditure-based model.

The first thing to note is that the cloud is infinitely flexible and is not "one size fits all." As you literally pay for what you consume, for the best pricing, you need to consider how you will consume resources for your specific workloads. Then you can establish your fixed and variable cost models to maximize your investment. And these models complement each other. You can layer on top of your variable resources for your seasonal or demand-based activities where elastic computing makes sense and where you can consume on-demand or automate against specific capacity thresholds. That said, we'd like to provide some guidelines to align your cloud spend with underlying workloads.

Align your cloud spend with underlying workloads

Know your workloads

When on-premises, your architecture is likely provisioned for peak capacity. Shifting from on-premises to the cloud with the notion that you can scale up and down and take full advantage of the cloud benefits. Therefore, it is important to know your workloads and understand our key constructs for maximum efficiency.

◉ Idle capacity: Azure allows you to eliminate idle capacity intended to cover future growth across workloads. Actions like rightsizing or eliminating unnecessary workloads can help you reduce your idle capacity when moving to the cloud.

◉ Unpredictable workloads: The overall premise and major advantage of the cloud that you're probably most familiar with is the power it gives you to elastically scale compute resources in response to different peaks in your business. This is great for unpredictable workloads, wherein the Azure service you can add and subtract resources as you need them, resulting in variable costs. Taking advantage of tools and actions like virtual machine scale sets and "snoozing" can help you only pay for the resources needed.

◉ Predictable workloads: If a portion or all of what you are consuming is more consistent, for example, a batch process that runs every day using the same resources as clockwork on a schedule or what we call a predictable workload, we have options for that, too. You can benefit from fixed costs at reduced pricing by taking advantage of the cost-savings offers such as Azure Reservations.

◉ Do a clean-up and right-size from the get-go: Just like when you move from one house to the other, you sort the items that you don’t use and decide what to do with them.When planning to move your workloads to Azure, consider which workloads are no longer needed and can be turned off. This can help you build stronger business models and show an immediate impact on your budgets. For workloads still needed, consider what can be done to optimize those resources and operational hours, leveraging tools such as Azure Migrate.

Take advantage of the cost-savings options

Here are the key cost-savings offers for you to consider for keeping your costs in check:

◉ Azure Hybrid Benefit: A licensing benefit that helps you significantly reduce the costs of running your workloads in the cloud. It works by letting you use your on-premises Software Assurance-enabled Windows Server and SQL Server licenses on Azure. And now, this benefit applies to RedHat and SUSE Linux subscriptions, too.

◉ Spot virtual machines: Get deep discounts for interruptible workloads that do not need to be completed within a specific timeframe, such as high-performance computing scenarios, batch processing jobs, or visual rendering applications, dev and test environments, including continuous integration and continuous delivery workloads or large-scale stateless applications.

◉ Reservations: Receive a discount by reserving your resources in advance, which allows you to be more efficient. In return, we pass these savings onto you as discounts of up to 72 percent.1

◉ Azure dev and test pricing: Get discounted rates for your ongoing development and testing, including no Microsoft software charges on Azure Virtual Machines and special dev and test pricing on other services.

◉ Extended security updates: We're providing several options to continue the support for SQL Server 2008 and SQL Server 2008 R2, which have reached the end of their support (EOS) life cycle. You can migrate your on-premises SQL Server instances to Azure Virtual Machines, Azure SQL Database, or stay on-premises and purchase extended security updates. Unlike with staying on-premises, you'll receive free extended security patches by migrating to an Azure Virtual Machine.

Understand what process and financial stories typically change with cloud migration

In the financial considerations for cloud migration blog, we shared how cloud migration can affect CFO priorities and how the organization's financial posture and financial KPIs and processes change. Key financial benefits of Azure are driven by a fundamental shift in the IT operating model, which benefits your organization's core financial statements in the following ways:

◉ Balance sheet: When you operate your datacenters, you have expensive long-term assets that limit the cash and capital required to grow your business. While in the cloud, you can shift datacenter operations costs into developing cloud applications and other projects that drive business growth, which make your balance sheet more agile.

◉ Cash flow statement: With the "pay per use" model along with platform capabilities like policy and tagging that Azure enables, you can increase the visibility and predictability of your cash flow statement and delay cash spend.

◉ Income statement (profit and loss): Over time, you can improve profitability by reducing the cost to deliver equal or larger IT value by taking advantage of Azure's flexibility, low management costs, and its broad portfolio of services and pricing models.

Source: microsoft.com

Continue reading

Automating quota management with Azure Quota REST API

Enterprises are increasingly defined by the applications they use and build to run their core business processes, including the customer experiences they provide. Across all sectors, we see how companies like challenger banks, online healthcare providers, e-commerce providers, and other startups are winning customers by providing new applications. The continuous need to innovate and deliver faster has yielded a new paradigm of software development called cloud native.

Cloud native describes the applications, architectures, platforms, infrastructure, and processes, that together make it economical and possible to respond quickly to a changing landscape and growing customer needs. In simple terms, it is application code, and dependencies packaged in containers, deployed as microservices, and exposed as APIs. And you can manage them using DevOps processes and tools.

Automation is a key aspect of DevOps and agile development. The longer it takes for developers and operations personnel to complete mechanical and manual tasks, the slower and less flexible their environment becomes. With Azure Quota REST API, you can automate quota management and integrate this capability programmatically with your applications, tools, and existing systems. Now you can move your applications and systems faster to the cloud and free up your time to focus on your core business.

On January 19, we announced the general availability of the Azure Quota API. In this blog post, we walk you through the benefits of using the Azure Quota API to automate and improve your Azure resource management operations.

What are quotas?

Quotas, also referred to as service limits, are the maximum values for the resources, actions, and items in an Azure account.

An Azure subscription is an agreement between a customer and Microsoft that enables the customer to obtain Azure services. The subscription pricing and related terms are governed by the offer chosen for the subscription. There is a default quota for a given subscription, region, and stock-keeping unit (SKU). Each Azure service defines its quotas and default values.

Here are some things to consider about quotas:

◉ Just like credit cards have credit limits, Azure services have limits. A quota is the upper limit of consumption for an Azure resource.

◉ A quota is shared across all the services in each subscription. When you are evaluating your capacity needs, you should calculate usage across all services.

◉ Some services have adjustable limits. The limit can be raised above the default limit but not above the maximum limit. Default limits vary by offer category type, such as free trial, pay-as-you-go, and virtual machine series (such as Dv4, Fsv2, and Easv4).

Key benefits

Customers with a Microsoft Enterprise Agreement, pay-as-you-go subscription, or Cloud Solution Provider (CSP) benefit from using Azure Quota API to improve their Azure resource management operations. Here are some customer benefits for using Azure Quota API:

◉ Granular and programmatic control for managing quotas that need to be adjusted.

◉ Managing transitional events when quota checks fail without resulting in creating a support ticket for a quota increase.

◉ Automating quota usage validation end-to-end and requesting quota increases with the Azure Quota API.

◉ Managing organic and inorganic growth of virtual machines efficiently.

Using Azure Quota API

To compete effectively, enterprises need to create an environment where developers can do their best work and operation teams can confidently meet the reliability, security, and compliance requirements their organizations expect. This requires advanced cloud capabilities designed to support modern constructs like containers, DevOps, APIs, managed services, and the fluidity to work across environments and teams. Azure Quota API can address this need for quota management automation and enabling quota management integration with your existing tools and applications.

Azure Quota API is a one-stop-shop for automating the process of viewing and managing quotas and eliminating the manual process of creating and managing quotas through support tickets in the Azure portal. Azure Quota API makes it easy to look up current quota usage and to request increases. With the current version of Azure Quota API, you can manage the service limits (quota) of Azure Virtual Machines (cores/vCPU) and Azure Machine Learning. In future releases, you will be able to take advantage of this capability to query current usage and quotas for additional Azure services and resources.

The following example illustrates how to use the Azure Quota API to automate quota management to improve agility, developer velocity, and efficiency in IT operations.

If you are a lead developer in a cloud readiness team, you may need to test software for a variety of configurations at scale. While testing, you may need to create many virtual machines. One of the challenges you may face is the inability to deploy new virtual machines because the maximum quota limit has been reached. This may happen frequently and unexpectedly because of the inorganic growth in the usage of virtual machines in your organization.

To continue with your workflow, you would have to manually create a support ticket to request a quota increase. But now, to improve efficiency in your workflow, you can use the Azure Quota API to automate quota request and validation operations end-to-end. You can check usage and monitor when your virtual machines reach the quota limit and automatically submit quota requests to increase limits. This can help you achieve operational efficiencies paving the way for uninterrupted firmware testing.

Continue reading

MTA Networking Fundamentals 98-366 Exam: Top Tips to Get Certified

Microsoft is a multinational technology organization that develops, licenses, supports, manufactures, and sells computer software and other relevant services. It is also a prestigious vendor providing IT certification and exams. IT professionals get certified on different technologies like App Builder, Networking, Azure, etc. Every Microsoft certification comprises at least one exam or a series of exams to pass. This article will look into one of the Microsoft exams, Microsoft Technology Associate (MTA) - Networking Fundamentals, coded 98-366.

As the MTA certification falls into the fundamental level, it is advisable to establish a solid foundational knowledge in your chosen technology before registering for an exam. Microsoft 98-366 exam is the first exam to prove your knowledge in networking technologies proficiency.

To pass with excellent scores, you have to craft out your way of studying for the 98-366 exam. Although only three topics are evaluated, 98-366 will never be an easy task. Most of the applicants who do not prepare adequately fail the exam. Today, I want to share an ultimate guide to enable you to pass the 98-366 exam on the first try. Let's begin!

1. Use 98-366 exam objectives as a Checklist

Every Microsoft exam is set in line with the official exam objectives. Make 98-366 exam topics your #1 tool to assure that you obtained the essential knowledge to pass. After every preparation session, go through the exam syllabus topics to see if you are progressing. Moreover, 98-366 exam objectives set definite limits for your preparation because it manifests the main concepts you should have a good grasp of.

MTA 98-366 Exam Objectives

• Understanding network infrastructures (30-35%)
• Understanding network hardware (20-25%)
• Understanding protocols and services (45-50%)

2. Use Resources from Trusted Platforms

Numerous resource platforms claim success in an exam if they use the study resources from their websites. Before you go for the tricks, check the reputation of such websites. You should take time to ask for perspective from those who have already passed Microsoft 98-366 exam. Ask for a viewpoint from your colleagues and also go through online reviews to know if a website is genuinely providing authentic prep materials or not. If you are still not convinced, we recommend that you go with the Microsoft official training platform.

Steps to MTA 98–366 Certification Success

Microsoft Learning Portal is an excellent place to begin your preparation for the Microsoft 98-366 exam. You will find a diverse range of study materials, links, video tutorials, and much more to equip you with. Microsoft confirms all resources available here as the official resources for the certification exam.

3. Become Familiar with 98-366 Exam Questions

Before you sit for the MTA 98-366 exam, you should get familiar with the exam structure. Practice tests are the best way to get familiar with the exam structure and the kind of questions likely to be asked.

As you take more and more practice tests, you will come to know about your weak and strong areas. This will help you to work on topics on which you are weak. Practice tests will also teach you tactics that you can use when answering Microsoft MTA 98-366 exam questions.

4. Revise from Your Notes

Don't forget the short notes you wrote throughout your preparation. Make the most out of this now. Please read through them to make sure you still retain every topic you have learned. If some topics are tough for you to remember, then go back to your starting point and work on that particular topic alone. Thus, you will become well-versed with every concept expected to be evaluated in MTA 98-366 exam. Keep on revising on weak concepts until you feel very confident about taking your exam.

Reasons Why Microsoft Networking Fundamentals (98-366) Certification Is So Popular

When it comes to the best vendors out there for IT certifications, you cannot ignore Microsoft. This company provides many certificates, one of which is MTA: Network Fundamentals. Many organizations utilize Windows Server 2016, and they require certified professionals to work with this technology. This makes this credential so famous, but to earn it, you need to take Microsoft 98-366. So, if you are all set to spend some extra time studying and have some prior experience with Windows Server 2016, you won't face any difficulties passing this exam.

Career Opportunities

With the MTA 98-366 certification, you can count on these job profiles:

• Network Administrator
• Web Administrator
• Network Engineer

Conclusion

Having a certification from a recognized vendor introduces you to the world of Information Technology. The MTA certification gives professionals a passion for high-level IT certifications. Get the MTA certification by passing Microsoft 98-366 exam with the help of a practice test. Make use of every study resource, and you will surely get excellent knowledge to help you excel in the 98-366 exam. All the best as you frame up your networking career!

Continue reading

Azure Automation 2020 recap and what’s new

If you are like many of our customers running a mix of machines and applications in your on-premises datacenters or in the cloud, be it Azure or any other platform of your choice, consistent management of these resources is likely to be top of mind for you. Infrastructure Automation was one of the major investment areas for many companies in 2020 and with the global pandemic impacting every organization—large or small—their employees, and the customers they serve. We have seen the crucial role infrastructure automation plays in sustaining and running operations efficiently across the board, by giving you the ability to automate your day-to-day mundane IT tasks and other mission-critical operations.

Azure Automation brings in a rich feature set and integration capability with other platforms to configure infrastructure and orchestrate workflows in the cloud or on-premises through the hybrid worker role. Our team continues to expand this ecosystem offering more features and improvements. Customer feedback has been instrumental in shaping these features, and we hope you'll keep the feedback coming.

In this blog post, let’s go back on a retrospective journey and see the enhancements introduced in Azure Automation in 2020, an announcement from Forrester declaring Microsoft as a leader in the Infrastructure Automation Platform, and a sneak peek into our focus areas and initiatives in the coming years.

Process automation and state configuration

◉ Azure Automation integration with GitHub. As TechNet Script Center is retiring and to enable crowdsourcing of runbooks, all runbooks hosted in the Runbook gallery have been moved to our Automation GitHub organization.

◉ Support for process automation and state configuration declared general availability in Japan West, Switzerland West, UAE North, Germany West Central, Switzerland North, Brazil South East, and US Gov Arizona.

◉ Azure Automation and Update Management Private Link announced general availability. Azure Automation enabled private link support to secure execution of a runbook on a hybrid worker role, using Azure Update Management to patch machines, invoking a runbook through a webhook, and using State Configuration service to keep your machines complaint.

◉ Azure Automation classified as Grade-C certified on accessibility. Accessibility features of Microsoft products help agencies address global accessibility requirements.

On the blog announcement page, search for Azure Automation to read the accessibility conformance report for the Automation service.

◉ Desired State Configuration (DSC) support announced for Oracle 6,7, and Ubuntu 18.04.

◉ Preview for Python3 runbooks in Automation. Azure Automation now supports Python 3 cloud and hybrid runbook execution in preview in all regions in Azure global cloud.

◉ Published the DSC extension to support Azure Arc. Use Azure Automation State Configuration to maintain the desired state of hybrid connected machines enabled through the Azure Arc enabled servers DSC Virtual Machine (VM) extension.

◉ Start and Stop virtual machines during off-hours runbooks updated to use Azure Az modules. Start and Stop virtual machine runbooks have been updated to use Azure Az modules in place of Azure Resource Manager modules.

◉ Hybrid Runbook Worker support for Windows Server 2008 R2 added to support automation scenarios on Server 2008 R2.

◉ Automation diagnostic logs schema update. Introduced change in the schema of Azure Automation log data in the Log Analytics service.

◉ Hybrid Runbook Worker onboarding script updated to use Azure Az modules. The New-OnPremiseHybridWorker runbook has been updated to support Azure Az modules.

◉ Updated Automation service DNS records from region-specific to Automation account-specific URLs. Azure Automation DNS records have been updated to support Private Links.

◉ Added capability to keep Automation runbooks and DSC scripts encrypted by default. In addition to improving the security of assets, runbooks and DSC scripts are also encrypted to enhance Azure Automation security.

◉ Retirement of the Automation watcher task. Azure Logic Apps is now the recommended and supported way to monitor for events, schedule recurring tasks, and trigger actions.

◉ Support for Impact Level 5 (IL5) compute isolation in Azure commercial and Azure Government cloud. Azure Automation Hybrid Runbook Worker can be used in Azure Government to support Impact Level 5 workloads.

◉ Introduced support for Azure virtual network service tags. Automation support of service tags allow or deny the traffic for the Automation service, for a subset of scenarios.

◉ Enable TLS 1.2 support for Azure Automation service. Azure Automation fully supports TLS 1.2 and all client calls (through webhooks, DSC nodes, and hybrid worker).

◉ Introduced preview of customer-managed keys for Azure Automation. Customers can now manage and secure encryption of Azure Automation assets using their own managed keys.

◉ Retirement of Azure Service Management (ASM) REST APIs for Azure Automation. Azure Service Management (ASM) REST APIs for Azure Automation will be retired and no longer supported after January 30, 2020.

Azure update management

◉ Update Management availability in South Central US, China East 2, and US Gov Arizona region. Azure Automation region mapping updated to support Update Management feature in the said regions.

◉ Update Management support for Windows Server 2008 R2. Update Management now supports assessing and patching the Windows Server 2008 R2 operating system.

◉ Azure Lighthouse supports Automation Update Management. Azure Lighthouse enables delegated resource management with Update Management for service providers and customers.

Change tracking

◉ Support for Change Tracking declared general availability in Switzerland North. 

Microsoft has been named as a leader in The Forrester Wave(TM): Infrastructure Automation Platforms, Q3 2020

In a 26-criterion evaluation grouped into three high level categories; Current Offering, Strategy, and Market Presence. Forrester’s research uncovered a market of top vendors in which Microsoft is a leader.

The report states:

“Microsoft continues to iterate at a swift pace, and its increasing adoption of open source has paid dividends. Microsoft is better than most of its competitors at DevOps integration, community engagement, and support of its products and services. Reference customers lauded Microsoft’s engagement model and end-to-end ecosystem but raised concerns about visibility of costs and where customers could ultimately save money. Microsoft’s solution is a good fit for firms that want a swiftly updated automation stack or for those with an established relationship with Microsoft.”

Read the full report to learn more.

Source: microsoft.com

Continue reading

Azure Front Door enhances secure cloud CDN with intelligent threat protection

The Internet is the new corporate network and the fabric that connects users, devices, and data to applications of all types. It is foundational to how organizations run their businesses, engage their customers, conduct commerce, operate their supply chain, and enable their employees to work from anywhere. However, while the Internet is highly scalable and ever expanding, it is not always well optimized for the wide variety of applications and user experiences, and has little cybersecurity protections in place to secure applications from rising security threats and vulnerabilities.

Given how central these workloads are for enterprises, they look for a new class of content delivery network (CDN) which goes beyond caching, and can meet their availability, latency, scalability, and more importantly, the security goals. In addition, they have requested for a single unified platform which caters to both dynamic and static acceleration with built in turnkey security integration, and a simple and predictable pricing model.

To address these customer requirements, we're introducing the preview of two new SKUs to the Azure Front Door family, which combines capabilities of Azure Front Door, Azure Content Delivery Network (CDN) standard, and Azure Web Application Firewall (WAF) into a single secure cloud CDN platform with intelligent threat protection and a simple to understand pricing model.

Azure Front Door standard SKU is content delivery optimized, offering both static and dynamic content acceleration, global load balancing, SSL offload, domain and certificate management, enhanced traffic analytics, and basic security capabilities.

Azure Front Door premium SKU builds on capabilities of the standard SKU, and adds extensive security capabilities across WAF, BOT protection, Azure Private Link support, integration with Microsoft Threat Intelligence, and security analytics. 

Figure 1: New Azure Front Door SKUs

Azure Front Door standard and premium overview

The new Azure Front Door provides you with an easy way to secure and accelerate apps, APIs, and websites. The key benefits which you get using Azure Front Door include:

◉ Improved application security with integrated WAF protection against the Open Web Application Security Project (OWASP) top 10 vulnerabilities, custom rules for application-specific protection, and Bot Manager protection against automatic malicious attacks, all integrated with Microsoft Threat Intelligence, with built-in layer 3 to 4 distributed denial of service (DDoS) protection.

◉ Enhanced static and dynamic site acceleration at the network edge close to the user, instant scale-out without warm-up, global HTTP load balancing with instant failover, and fully customizable rules engine for advanced routing capabilities.

◉ Built on Microsoft's massive-scale private global network, Azure Front Door is a proven platform used to power some of the largest and latency sensitive global services at Microsoft, such as Microsoft Office 365, Bing, LinkedIn, and Xbox.

◉ Simplified deployment and automation with a cloud-native and developer-friendly service that is fully representational state transfer (REST) API driven.

New capabilities

In addition to supporting all features available on Azure CDN standard, Azure Front Door, and Azure Web Application Firewall, the new standard and premium SKUs also add the following new capabilities in this preview:

Simplified and integrated user experience

The new SKUs offer the combined capabilities of Azure Front Door, Azure CDN standard and Azure Web Application Firewall in a refreshed new portal experience.

◉ Simplified Front Door creation: We have added Quick create that dramatically reduces the deployment steps and configuration. We also provide a new guided experience that lets you choose the correct SKU based on your usage scenario. The existing Azure Front Door and CDN offerings are also accessible from this unified experience.

◉ Simplified management experience: We have also enhanced the domain validation experience by removing reliance on CNAME subdomain-based verification to exclusively rely on domain name system (DNS) TXT record-based validation. The domain validation is seamlessly integrated with Azure DNS which further reduces delays in validation and eliminates dangling subdomain issues.

◉ TLS certificate management: Both standard and premium SKUs also offer Azure managed transport layer security (TLS) certificates by default for all of your custom domains at no additional cost. You never have to worry about TLS certificate expiry. You can opt to bring in your own TLS certificates by utilizing the built-in integration with Azure Key Vault.

Security and private origins

◉ Private origin support: Integration with Azure Private Link is an industry first CDN capability that enables customers to keep their origins private and embrace a zero-trust access model. This integration removes the necessity of having origins with public internet accessible IP addresses, thereby significantly reducing the surface area. Any PaaS service that integrates with Azure Private Link like Azure Storage and Azure App Services can be used as private origin. Your IaaS services running behind an Azure Load Balancer can also be enabled for Azure Private Link access.

◉ WAF enhancements: Azure Front Door premium SKU also enhances WAF capabilities by integrating Microsoft Threat Intelligence authored rules, CRS 3.2 signatures and Bot Manager that effectively protect applications from the OWASP top 10 and automated Bot vulnerabilities.

Analytics and telemetry

◉ Enhanced analytics capabilities for better troubleshooting and debugging. In addition to enhancing access logs and offering additional metrices, the new SKUs also provide pre-canned reports on traffic delivery and security.

◉ Azure Front Door health probe log: In addition to offering more metrices and enhancements in diagnostics logs, we are also introducing the health probe diagnostic log that allows you to debug if any origin is deemed unhealthy.

Traffic report by location

Security report

Simplified pricing

We have reduced billing complexities by having fewer meters that customers need to plan for. Each SKU includes a fixed monthly fee, tiered egress (data transfer outbound),  requests per seconds (RPS), and ingress (data transfer inbound) fees. Azure Front Door premium SKU includes WAF, DDoS, Bot protection, and private link capabilities.

Source: microsoft.com

Continue reading

Future-proof your network with Azure for Operators

Increasing competition and ever-growing demand for mobile, always-on services challenges operators to find new strategies to grow profits and gain a competitive edge. To succeed, operators also need to embrace three critical trends:

◉ Changing the economics of their service model.

◉ Finding new revenue and shareholder value with 5G.

◉ Driving digital transformation, consolidation, and automation.

To address these trends, operators are actively seeking ways to transform their infrastructure, embrace 5G, and evolve their business.

To support operators in capitalizing on this opportunity, we launched the Azure for Operators initiative in September 2020, acting as a trusted partner to provide cloud and edge computing technology and solutions. We are building a platform on the foundation of a carrier-grade cloud and enhanced networking to bring the power of Microsoft's technology to the operator's edge. When these capabilities are combined with our broad developer ecosystem and deep business-to-business partnership programs, the result is a unique environment that will help operators accelerate their ability to monetize their network capabilities. 

The advent of 5G technology offers network operators unprecedented opportunities to expand their scale and range of services to enterprise customers in particular. Beyond faster data services for smartphones and 5G networks, other emerging technologies will deliver capabilities that can support critical business operations while enabling high-speed, low-latency communications, and connectivity for intelligent devices. Successfully seizing this opportunity requires operators to complement their networks with cloud and edge computing.

Microsoft can uniquely provide operators with technology and cloud solutions to realize the opportunities of a new service model, adoption of 5G, and digital transformation.

Our guiding principles

Azure for Operators is built on six fundamental principles:

1. We are bringing the power of cloud to future-proof your network, driving down costs and opening new revenue streams.

2. We will partner—you own your customers, brand, ideation, and experiences.

3. We remain a platform business—our focus is on moving workloads to a carrier-grade cloud.

4. We will meet you where you are—on-premises, at the edge, or in the cloud.

5. Support the ecosystem—we will work closely with providers of radio access network (RAN), core, cloud-native functions (CNFs), and operations support systems (OSS) or business support systems (BSS) to integrate and innovate.

6. It is a journey—we will act as a trusted partner to help you transform at a pace that makes sense for your business.

We join operators on a shared journey, meeting them wherever they are on their digital transformation path. Together, we can unlock the potential of 5G, enabling operators to offer a range of new services such as highly reliable low-latency connectivity, network slicing, and scalable applications to transform industries and communities. Indeed, our partnering with operators is key to connecting the intelligent edge with the intelligent cloud and to creating new transformative experiences for people and organizations everywhere, across every industry.

How 5G will transform experiences and services

We see a convergence of the virtual and physical world as modern networking capabilities are combined with cloud technologies. We will help enable operators to deliver pervasive compute, real-time action, and infinite customer experiences.

There are a myriad of opportunities for innovation across industries, most notably in manufacturing, agriculture, healthcare, transportation, workplace productivity, and retail. Scenarios for 5G include:

◉ Maximizing the value of the edge.

◉ Deploying and optimizing next-gen networks.

◉ Monetizing the capabilities of 5G.

◉ Maximizing existing investments while minimizing operating expenses.

◉ Streamlining business support systems.

◉ Transforming customer experiences.

To bring these scenarios to life, Microsoft has an established and experienced developer community that is well-versed in building solutions in the Azure environment and the experience that comes from processing more than five billion cognitive services transactions per month, supporting over six billion IoT devices, and supporting more than one million machine learning experiments monthly. Microsoft is actively working with the application community to ensure a thriving ecosystem for edge applications and network application programming interfaces (APIs). 

New technology capabilities

The industry standardization of service-based architecture exemplifies how 5G will be more “cloudified” than any previous mobile technology generation. Beyond running 5G network functions in the cloud, there are more significant opportunities when networks are integrated with hyper-scale cloud services such as artifcal intelligence (AI), machine learning, security, analytics, and IoT processing. When combined with ubiquitous compute and opened to a large community of application developers, new capabilities for enterprises and end-customer experiences will emerge. Azure for Operators makes real the promise of analyzing and acting in near-real-time―a true fusion of the physical and virtual worlds.

Low-latency compute through Azure Edge Zones

We have established local extensions of Azure to provide compute, containers, and services closer to customers. Azure Edge Zones allow local, low-latency access to Azure services for immediate data ingestion and strong processing power. Operators can connect to a fast, global backbone as all data transit between the Edge Zones and Azure regions remain on the Microsoft global network. Additionally, operators can provision and manage these edge services and workloads through the Azure portal.

Direct application access to the programmable network

With Azure for Operators, Microsoft is partnering with operators worldwide to create an ecosystem of application-aware, edge solutions.  Developers can boost application performance and provide the best and most secure user experience when they access critical data from the network.  Additionally, fast and scalable applications for mobile subscriber services and connected devices can run across Azure and operator networks. We have established a single pane of glass to provision and manage Azure services at the edge, further enhancing the ease of management and scalability for application access.

Private cellular networks with the power of the cloud

By fusing cloud compute with multi-access edge computing (MEC), Arc-enabled Azure Edge Zones are our architecture to accomplish improved latency, speed, and security. Leveraging a private cellular network, industrially focused solutions such as robotics and IoT can enjoy the best of the cloud with the required network privacy. Customers can deploy Virtualized Network Functions such as routers, firewalls, and software-defined wide area network (SD-WAN) gateways across Azure Edge Zones and regions. This architecture has broad industry support from a rich ecosystem of implementation and integrated technology partners already available for collaboration.

Meeting the needs of operators

Microsoft recognizes that operators have unique requirements for reliability, resiliency, security, observability, and performance to deliver real-time communications services. Operators need control over critical network functions and want the ability to expose programmable interfaces to application developers. By adopting Azure for Operators, they are enabled to create new revenue-generating services and move existing services to the cloud to reduce costs and extend service life with a trusted cloud partner.

Azure for Operators service stack

Azure for Operators is available as a service stack, including global transport, edge platforms, network functions, business intelligence, and cloud solutions. Elements can also be selected individually and include products and solutions from Microsoft and our ecosystem partners. We are committed to supporting the ecosystem by working closely with RAN, Core, CNF, and OSS or BSS providers to integrate and innovate.

Moving forward in our journey together

Ultimately, Azure for Operators is about your customer, your service, powered by our technology. We are combining our understanding of networking and compute with our partner ecosystem to enable endless opportunities. With Microsoft, you can achieve scale, operate hybrid seamlessly, monetize with new business models and do all of this with a trusted partner.

With our hybrid cloud platform, a broad selection of cloud services, and ecosystem of partners plus application developers, we help operators generate new revenue streams from their significant investments in 5G networks while extending the useful lifespan of existing services. Working together in partnership, Microsoft and operators can combine the best of both the cloud and Telco worlds to seize the 5G opportunity and address the many challenges of today's operator business. We will act as a trusted partner to help you transform at a pace that makes sense for your business.

Source: microsoft.com

Continue reading

Connecting Azure to the International Space Station with Hewlett Packard Enterprise

Today we are announcing our partnership with Hewlett Packard Enterprise (HPE) to connect Azure directly to space using HPE’s upcoming launch of its Spaceborne Computer-2 (SBC-2), which will deliver edge computing and artificial intelligence (AI) capabilities together for the first time on the International Space Station (ISS). The SBC-2 is built on the HPE Edgeline Converged Edge system that is purposely engineered for harsh edge environments and will also enable additional capabilities to connect Azure workloads to the ultimate edge.

Astronauts and space explorers deserve access to the best cloud computing technologies and advanced processing at the ultimate edge. Sometimes analysis needs to be done immediately at the edge where every passing moment counts, and other times the analysis is so massively complex that it can only be performed with the power of the hyperscale cloud. Microsoft and HPE have established a connection from Spaceborne Computer-2 to Microsoft Azure (through NASA and the HPE ground station) to help tackle these challenges and develop new insights and opportunities.

Right now, our Microsoft Research and Azure Space engineering teams are evaluating the potential of HPE’s space, state-of-the-art processing in conjunction with hyperscale Azure, alongside the development of advanced artificial intelligence (AI) and machine learning models to support new insights and research advancements, including:

◉ Weather modeling of dust storms to enable future modeling for Mars missions.

◉ Plant and hydroponics analysis to support food growth and life sciences in space.

◉ Medical imaging using an ultrasound on the ISS to support astronaut healthcare.

“HPE and Microsoft are collaborating to further accelerate space exploration by delivering state-of-the art technologies to tackle a range of data processing needs while in orbit. By bringing together HPE’s Spaceborne Computer-2, which is based on the HPE Edgeline Converged Edge system for advanced edge computing and AI capabilities, with Microsoft Azure to connect to the cloud, we are enabling space explorers to seamlessly transmit large data sets to and from Earth and benefit from an edge-to-cloud experience. We look forward to collaborating with Microsoft on their Azure Space efforts, which share our vision to accelerate discovery and help make breakthroughs to support life and sustainability in future, extended human missions to space.” —Dr. Mark Fernandez, Solutions Architect of Converged Edge Systems at HPE and Principal Investigator for Spaceborne Computer-2

On February 20, HPE’s Spaceborne Computer-2 is scheduled to launch into orbit for the ISS on the 15th Northrop Grumman Resupply Mission to Space Station (NG-15). Over the next two to three years, these research endeavors on the orbiting laboratory will be sponsored by the ISS National Labs.

Today’s announcement advances Azure Space in bringing Azure AI and machine learning to new space missions and emphasizes the true power of hyperscale computing in support of edge scenarios—connecting anyone, anywhere to the cloud. Our collaboration with HPE is just the first step in an incredible journey and will provide researchers and students access to these insights and technologies, inspiring the next generation of those who wish to invent with purpose, on and off the planet.

Source: microsoft.com

Continue reading

Azure Defender for App Service introduces dangling DNS protection

Resources hosted on Azure App Service are at the forefront as attackers are constantly on the lookout for vulnerabilities in web applications. Dormant domains are a permanent resident on the checklist of both opportunistic and target-oriented attackers. To reduce potential attack surface, Azure App Service enforces domain verification when binding custom domain to an App service resource.

In this blog, we discuss how Azure Defender for App Service identifies any Domain Name System (DNS) entries remaining in your DNS registrar when an App Service website is decommissioned—these are known as dangling DNS entries. When you remove a website and don't remove its custom domain from your DNS registrar, the DNS entry is pointing at a non-existent resource and your subdomain is vulnerable to a takeover. We recommend that you implement processes to prevent dangling DNS entries and prevent subdomain takeovers.

General introduction: Dangling DNS

Dangling DNS starts when custom DNS from your domain's DNS zone is mapped to a DNS CNAME record of an Azure resource that is no longer provisioned, leaving the associated domain "dangling". This dangling DNS entry, also known as a dangling domain, leaves the domain vulnerable to a malicious action known as a subdomain takeover.

When a subdomain takeover occurs, a malicious actor takes control of the domain which was previously associated with your deprovisioned Azure resource. By gaining control, malicious actors can intercept traffic intended for that endpoint and or offer malicious contraband content from that endpoint. The potential impact may vary depending on the architecture of your application.

Azure Defender for App Service

Azure Defender for App Service uses the scale of the cloud to identify attacks targeting applications running over App Service. Attackers probe web applications to find and exploit weaknesses. Before being routed to specific environments, requests to applications running in Azure go through several gateways, where they're inspected and logged. This data is then used to identify exploits and attackers, and to learn new patterns that will be used later.

By leveraging the visibility that Azure has as a cloud provider, Azure Defender for App Service analyzes App Service internal logs to identify attacks across multiple targets. For example, consider an attack methodology that demonstrates widespread scan which originated from distributed sources. This type of attack typically comes from a wide set of IPs and shows patterns of crawlers, while the attackers search for a vulnerable page or plugin. This type of attack cannot be identified from the standpoint of a single host.

Dangling DNS protection

Azure Defender for App Service introduces protection against dangling DNS for customers who have previously bound custom domain to their App Service hosted application. This work covers both Azure DNS managed domains as well as ones that are managed through external domain registrars. We detect dangling DNS even when it is not the CNAME itself that is dangling but a service further along the line pointing to a decommissioned web site which doesn’t exist. An example for this is a custom domain which points to an existing Azure Traffic Manager which points to a deleted web site.

Azure Defender for App Service monitors deprovisioning of websites and verifies that no alias records have remained. In cases where invalid domain configuration is found, a security alert will be raised so users can quickly remediate a newly created vulnerability. Azure Defender for App Service presents two types of alert:

1. Dangle DNS record detected for a recently decommissioned App Service resource that has a valid DNS pointer (also known as "dangling DNS" entry). This leaves the user susceptible to subdomain takeover.

2. Potential dangle DNS record detected for a recently decommissioned App Service resource that has a valid DNS pointer (also known as "dangling DNS" entry). In this case, a TXT record with the Domain Verification ID was found. There is currently no immediate risk of a subdomain takeover, however it is recommended to remove CNAME pointers for decommissioned App Service resources.

Prevent dangling DNS entries

Ensuring that your organization has implemented processes to prevent dangling DNS entries and the resulting subdomain takeovers is a crucial part of your security strategy.

Some Azure services offer features to aid in creating preventative measures and are detailed below. Other methods to prevent this issue must be established through your organization’s best practices or standard operating procedures.

Source: microsoft.com

Continue reading

KLAS recognizes Microsoft's momentum in healthcare AI

From improving clinical decision making to better managing the COVID-19 pandemic, the benefits of artificial intelligence (AI) applied to health and medicine are undeniable. 2021 is expected to be a year where health systems make unprecedented investments in AI to improve quality, reduce costs, and create more personalized experiences for patients and health consumers alike.

It is against this backdrop that KLAS Research recently named Microsoft as having the strongest perceived Healthcare AI offering among large, cross-industry players. In its report, Decision Insights—Healthcare AI, half of respondents who shared perceptions of Microsoft believe we have a strong healthcare AI offering. The report also gives high marks to other data and AI companies leveraging Microsoft Azure as part of their AI offerings including Epic, Health Catalyst, Jvion, and KenSci. The report goes on to say that health organizations feel Microsoft has more healthcare expertise than the other cross-industry vendors, and calls out the benefits of Azure AI infrastructure and platform being integrated with other highly adopted Microsoft products, such as Microsoft Dynamics 365 and Microsoft Teams.

KLAS Research is a healthcare IT data and insights company providing the industry with accurate, honest, and impartial research on the software and services used by providers and payers worldwide.

This recognition from KLAS Research comes following the analyst firm of Frost and Sullivan recognizing Microsoft as the “undisputed leader” in global AI platforms for the Healthcare IT (HCIT) sector on the Frost Radar™. In a field of more than 200 global industry participants, Frost and Sullivan independently plotted the top 20 companies across various parameters indicative of growth and innovation. According to Frost and Sullivan, “Microsoft earned the top spot because of its industry-leading effort to incorporate next-generation AI infrastructure to drive precision medicine workflows, aid population health analytics, propel evidence-based clinical research, and expedite drug and treatment discovery.”

This is a sentiment also shared by Microsoft’s health partners, including notable partners featured in the KLAS report.

 “Azure offers us the safety and reliability that healthcare customers demand while maintaining the flexibility that they need to define their own path to the cloud. With Microsoft, our clients gain access to a unified programming model, identity model, security model, and management model for both on-premises and cloud implementations. —Dr. John Showalter, Jvion

Building on the strength of our data and AI platform, Microsoft recently announced the general availability of Microsoft Cloud for Healthcare. Microsoft Cloud for Healthcare brings together trusted capabilities to customers and partners that enhance patient engagement, empower health team collaboration, and improve clinical and operational insights. It makes it faster and easier to provide more efficient care and helps to ensure the end-to-end security, compliance, and interoperability of health data.

Some of the features and benefits of our intelligent health-specific cloud offering include

Azure API for FHIR enables the rapid exchange of Protected Health Information (PHI) data through Fast Healthcare Interoperability Resources (FHIR®) APIs, and is backed by a managed platform as a service (PaaS) offering. It makes it easier for anyone working with health data such as electronic medical records and research databases to ingest, manage, and persist information in the cloud creating new opportunities with analytics, machine learning, and actionable intelligence.

Azure Health Bot service empowers healthcare organizations to rapidly build and deploy AI-powered virtual health assistants and chatbots that can be used to enhance their processes, self-service, and cost reduction efforts. The Health Bot comes with built-in healthcare AI services such as clinical protocols and medical content from trusted industry sources, healthcare templates for rapid design, language understanding models that are tuned to understand medical and clinical terminology, and seamless hand-off to live chat and telehealth when required.

Medical Imaging Server for DICOM streamlines the process of ingesting medical imaging data in the cloud and is the first cloud technology which brings together DICOM and FHIR. By using the Medical Imaging Server for DICOM alongside the Azure API for FHIR or FHIR Server for Azure (OSS), data references are created between imaging data and clinical data in FHIR which help to create a better longitudinal view of the patient setting the stage for multiple scenarios which are difficult and expensive to execute in today’s on-premises systems.

Text Analytics for Health enables and simplifies the process of extracting insights from unstructured medical data. This AI service is currently in preview as part of Microsoft Azure Text Analytics and is trained on a diverse range of medical data covering various formats of clinical notes, clinical trials protocols, and more. This health feature can process a broad range of data types and tasks, without the need for time-intensive, manual development of custom models. Much of today’s healthcare data is in the form of unstructured text, such as doctor’s notes, medical publications, electronic health records, clinical trial protocols, medical encounter transcripts, and more.

The accolades Microsoft is receiving for our AI in Health offerings combined with the full launch of Microsoft Cloud for Healthcare lays the foundation for our health customers and partners to build innovative solutions, leading to better experiences, better insights, and better care.

Source: microsoft.com

Continue reading

Gain real-time insights on SAP ERP data with Azure and Qlik Data Integration

For companies worldwide, SAP is at the core of their business applications—housing critical information on sales, manufacturing, and financial processes. Organizations increasingly need granular, real-time visibility about their business by combining SAP ERP data with other data from their different lines of business. To enable everyone in the organization to gain real-time insights from their SAP data and make optimized business decisions, we announced a joint offer with Qlik Data Integration (formerly Attunity) that brings Azure Synapse, Microsoft Power BI, and Qlik Data Integration together for end-to-end supply chain intelligence, finance analytics, and more.

The proof-of-value offer

With this new offer, customers can now work with Azure Synapse Analytics, Azure Machine Learning, Power BI, and Qlik Data Integration to easily understand how to enable real-time insights on SAP data through a robust proof of value. For the two week duration of the joint proof-of-value offer, we will provide customers with a free solution architecture workshop, software subscriptions, and hands-on technical expertise from dedicated personnel and resources from both Microsoft and Qlik Data Integration.

The business value

The combination of Azure Synapse and Qlik Data Integration enables leaders to connect directly to their SAP ERP data in real-time. This accelerated path results in organizations having an analytics-ready solution in the easiest and fasted way possible.

The technical value

Using its proprietary technology, Qlik Data Integration quickly maps SAP business processes and effortlessly creates Azure Synapse schemas and calculations. This enables organizations to go from raw data to quicky discovering actionable insights in Azure Synapse.

Qlik Replicate provides change data capture (CDC) capabilities that move data in real-time through a simple graphical interface that completely automates end-to-end replication. This allows data engineers to easily set up, control, and monitor data pipelines with ease, keeping records in real-time, and in constant sync between SAP and Azure Synapse.

Qlik Compose automatically transforms SAP processes and apps that Azure Synapse can instantly understand. Easily click, drag, and drop SAP schemas into the data warehouse structure so that they’re ready for analytics.

Source: microsoft.com/

Continue reading