Saturday, 29 October 2022

Introducing Vision Studio, a UI-based demo interface for Computer Vision

Are you looking to improve the analysis and management of images and videos? The Computer Vision API provides access to advanced algorithms for processing media and returning information. By uploading a media asset or specifying a media asset’s URL, Azure’s Computer Vision algorithms can analyze visual content in different ways based on inputs and user choices, tailored to your business.

Want to try out this service with samples that return data in a quick, straightforward manner, without technical support? We are happy to introduce Vision Studio in preview, a platform of UI-based tools that lets you explore, demo and evaluate features from Computer Vision, regardless of your coding experience. You can start experimenting with the services and learning what they offer, then when ready to deploy, use the available client libraries and REST APIs to get started embedding these services into your own applications.

Overview of Vision Studio



Each of the Computer Vision features has one or more try-it-out experiences in Vision Studio. To use your own images in Vision Studio, you'll need an Azure subscription and a resource for Cognitive Services for authentication. Otherwise, you can try Vision Studio without logging in, using our provided set of sample images. These experiences help you quickly test the features using a no-code approach that provides JSON and text responses. In Vision Studio, you can try out the following services:

What's new to try in Vision Studio


Optical Character Recognition (OCR)

The optical character recognition (OCR) service allows you to extract printed or handwritten text from images, such as photos of street signs and products, as well as from documents—invoices, bills, financial reports, articles, and more. Try it out in Vision Studio using your own images to extract text.

Spatial Analysis

The Spatial Analysis service analyzes the presence and movement of people on a video feed and produces events that other systems can respond to. Try it out in Vision Studio using samples we provide, to see how spatial analysis will improve retail operations.

Face

The Face service provides AI algorithms that detect, recognize, and analyze human faces in images. Facial recognition software is important in many different scenarios, such as identity verification, touchless access control, and face blurring for privacy. Apply for access to the Face API service to try out identity recognition and verification in Vision Studio.

Image Analysis

The Image Analysis service extracts many visual features from images, such as objects, faces, adult content, and auto-generated text descriptions to improve accessibility. Try it out in Vision Studio using your own images to accurately identify objects, moderate content and caption images.


Responsible AI in Vision


We offer guidance for the responsible use of these capabilities based on Microsoft AI’s principles of fairness, reliability and safety, privacy and security, inclusiveness, transparency, and human accountability. The Responsible AI Standard sets out our best thinking on how we will build AI systems to uphold these values and earn society’s trust. It provides specific, actionable guidance for our teams that goes beyond the high-level principles that have dominated the AI landscape to date.

Source: microsoft.com

Friday, 28 October 2022

Azure Scales 530B Parameter GPT-3 Model with NVIDIA NeMo Megatron

Natural language processing (NLP), automated speech recognition (ASR), and text-to-speech (TTS) applications are becoming increasingly common in today’s world. Most companies have leveraged these technologies to create chatbots for managing customer questions and complaints, streamlining operations, and removing some of the heavy cost burden that comes with headcount. But what you may not realize is they’re also being used internally to reduce risk and identify fraudulent behavior, reduce customer complaints, increase automation, and analyze customer sentiment. It’s prevalent in most places, but especially in industries such as healthcare, finance, retail, and telecommunications.

NVIDIA recently released the latest version of the NVIDIA NeMo Megatron framework, which is now in open beta. This framework can be used to build and deploy large language models (LLMs) with natural language understanding (NLU).

Combining NVIDIA NeMo Megatron with our Azure AI infrastructure offers a powerful platform that anyone can spin up in minutes without having to incur the costs and burden of managing their own on-premises infrastructure. And of course, we have taken our benchmarking of the new framework to a new level, to truly show the power of the Azure infrastructure.

Reaching new milestones with 530B parameters


We used Azure NDm A100 v4-series virtual machines to run the GPT-3 model's new NVIDIA NeMo Megatron framework and test the limits of this series. NDm A100 v4 virtual machines are Azure’s flagship GPU offerings for AI and deep learning powered by NVIDIA A100 80GB Tensor Core GPUs. These instances have the most GPU memory capacity and bandwidth, backed by NVIDIA InfiniBand HDR connections to support scaling up and out. Ultimately, we ran a 530B-parameter benchmark on 175 virtual machines, resulting in a training time per step of as low as 55.7 seconds (Figure 1). This benchmark measures the compute efficiency and how it scales by measuring the time taken per step to train the model after steady state is reached, with a mini-batch size of one. Such outstanding speed would not have been possible without InfiniBand HDR providing excellent communication between nodes without increased latency.

Figure 1: Training time per step on the 530B-parameter benchmark from 105 to 175 virtual machines.

These results highlight an almost linear speed increase, guaranteeing better performance for a higher number of nodes—paramount for heavy or time-sensitive workloads. As shown by these runs with billions of parameters, customers can rest assured that Azure’s infrastructure can handle even the most difficult and complex workloads, on demand.

“Speed and scale are both key to developing large language models, and the latest release of the NVIDIA NeMo Megatron framework introduces new techniques to deliver 30 percent faster training for LLMs,” said Paresh Kharya, senior director of accelerated computing at NVIDIA. “Microsoft’s testing with NeMo Megatron 530B also shows that Azure NDm A100 v4 instances powered by NVIDIA A100 Tensor Core GPUs and NVIDIA InfiniBand networking provide a compelling option for achieving linear training speedups at massive scale.”

Showcasing Azure AI capabilities—now and in the future


Azure’s commitment is to make AI and HPC accessible to everyone. It includes, but is not limited to, providing the best AI infrastructure that scales from the smallest use cases to the heaviest workloads. As we continue to innovate to build the best platform for your AI workloads, our promise to you is to use the latest benchmarks to test our AI capabilities. These results help drive our own innovation and showcase that there is no limit to what you can do. For all your AI computing needs, Azure has you covered.

Source: microsoft.com

Thursday, 27 October 2022

The Value of Microsoft Power Platform Fundamentals PL-900 Certification

Suppose your job demands enterprise business applications. In such a case, you may already understand a thing or two about the Microsoft Power Platform, a comprehensive application suite aimed to help organizations manage, automate, and analyze data. This post represents the quickest route to succeeding in this field with the Microsoft Power Platform Fundamentals PL-900 Exam.

Microsoft Power Platform Fundamentals PL-900 Exam Overview

The Microsoft PL-900 exam comprises 40-60 questions. The questions can be of different types, such as multiple-choice, short answer, case study, mark review, drag and drop, and so on. You will be given a time limit of 60 minutes to finish the exam, and the passing score is 700 out of 1000. The exam will cost you $99, including the additional taxes. The exam is taken in the English language.

The Microsoft PL-900 exam syllabus topics are listed below, together with the percentage each weighs in the exam:

  • Describe the business value of Microsoft Power Platform (20–25%)
  • Identify the core components of Microsoft Power Platform (10–15%)
  • Demonstrate the capabilities of Power BI (20–25%)
  • Demonstrate the capabilities of Power Apps (25–30%)
  • Demonstrate the capabilities of Power Automate (10–15%)
  • Demonstrate the capabilities of Power Virtual Agents (1–5%)

Targeted Audience

The PL-900 exam is designed for seasoned users of the Microsoft Power Platform who strive to upgrade to the next level. Suppose you have experience working solely with apps that your organization has created. In such a case, passing the PL-900 certification exam will equip you with the skills to work elaborately with Power Apps, Power BI, Power Virtual Agents, and Power Automate to evolve and design tools that will satisfy your requirements.

Microsoft Power Platform Fundamentals PL-900 Exam Preparation

Microsoft provides study resources for PL-900 Exam. Moreover, you can obtain free preparation material on the official website. An applicant can decide whether to choose the official study resources for the PL-900 exam preparation or self-study guides. Both are trustworthy, but the official material is appropriate for non-experienced applicants, as seasoned professionals won’t face hardship in understanding difficult exam topics during self-study.

PL-900 Practice Test

One of the most vital aspects of the Microsoft PL-900 exam preparation is assessing your preparedness repeatedly. Thus, experienced professionals suggest that applicants should take some practice tests to gauge their preparation level.

PL-900 practice test can be vital in providing you with an in-depth understanding of the exam through your trial. With the practice test, you can identify the weak areas and focus on improving them. It also helps to revise the exam topics and to keep track of your preparedness.

Here are the prime reasons why you should take practice tests:

  • Helps overcome exam fear.
  • Understanding the structure of the exam.
  • Better manage the approach for the actual exam.
  • Identify weak and strong areas.
  • Improves speed and accuracy.

The Value of Microsoft Power Platform Fundamentals Certification

For IT professionals who have never collaborated with Power Platform, the PL-900 won’t appear too worthwhile, nor will it have too much assurance. But needless to say, passing the PL-900 exam and achieving the Microsoft Certified - Power Platform Fundamentals certification will give you constructive skills and knowledge. But you can invest your resources and time in better means to benefit from your career.

If you work in the Microsoft Power Platform province, you have two reasons why this Microsoft certification is the best fit for your career.

First, the Microsoft Power Platform Fundamentals certification will add notable value to your career if you are a technical head working with all or most of these technologies. The study resources for this certification exam address basic business case studies and use cases. Studying through these resources will help you expand the depth of your understanding and technical skills so that you figure out how clients apply such functions every day.

Secondly, achieving Microsoft Power Platform Fundamentals certification should be one of your greatest choices as a business user without too much technical knowledge or background. It’s easy to instinctively get classified as you work with existing or already programmed or developed tools, and you start making speculations that restrict your creativity and your productivity.

Acknowledging, analyzing, and comprehending the many technical factors overarching the Power Platform can help speed up your career, modify your organization tools and create new use cases for the future.

Give your career the boost it deserves with Microsoft Power Platform Fundamentals PL-900 certification.

Saturday, 22 October 2022

Enterprise-grade DDoS protection for SMBs now available in preview

Distributed denial of service (DDoS) attacks are some of the largest availability and security concerns facing customers that are moving their applications to the cloud. While cyber-attacks are on the rise, they typically make the news only when a large organization has fallen victim to an attack. However, contrary to what many may think, small and medium businesses (SMBs) are just as enticing to cybercriminals. While large organizations have the resources needed to protect themselves, small businesses often lack the budget and qualified staff to defend against DDoS attacks.

At Microsoft, we continuously enhance our product offerings to meet the needs of all organizations, including helping SMBs on their digital transformation journey by ensuring that they are protected against the latest DDoS attack vectors. As we shared at Microsoft Ignite, Azure DDoS IP Protection SKU, a new SKU of Azure DDoS Protection built for SMBs, is now available in preview.

Cost-effective, enterprise-grade DDoS protection for small businesses


DDoS IP Protection is designed to meet the needs of SMBs, providing enterprise-grade DDoS protection at an affordable price point. It offers the same essential capabilities as Azure DDoS Network Protection (previously known as Azure DDoS Protection Standard) to protect your resources and applications against evolving DDoS attacks, including L3/L4 automatic attack detection and mitigation, metrics and alerts, mitigation flow logs, mitigation policies tuned to customer applications, and tight integration with Azure Firewall Manager, Microsoft Sentinel, and Microsoft Defender for Cloud.

With the DDoS IP Protection SKU, customers now have the flexibility to enable DDoS protection on individual public IP addresses. SMB customers who have a few public IP addresses to protect will benefit from this cost-effective DDoS protection option.

Key features of Azure DDoS IP Protection


◉ Massive mitigation capacity and scale: Defend your workloads against the largest and most sophisticated attacks with cloud-scale DDoS protection backed by Azure’s global network.

◉ Adaptive tuning: Protect your apps and resources while minimizing false negatives with adaptive tuning tuned to the scale and actual traffic patterns of your application.

◉ Attack analytics, metrics, and logging: Monitor DDoS attacks near real-time and respond quickly to attacks with visibility into the attack lifecycle, vectors, and mitigation.

◉ Integration with Azure Firewall Manager: Centrally manage your DDoS protection across your environment alongside other network security services.

◉ Integration with Microsoft Sentinel and Microsoft Defender for Cloud: Strengthen your security posture with rich attack analytics and telemetry integrated with Microsoft Sentinel and security alerts and recommendations provided by Microsoft Defender for Cloud.


Choosing the right DDoS protection SKU for your needs


Azure DDoS protection now offers two SKUs:
 
◉ DDoS IP Protection is recommended for SMB customers with a few public IP resources who need a comprehensive DDoS protection solution that is fully managed, and easy to deploy and monitor.

◉ DDoS Network Protection (previously known as Azure DDoS Protection Standard) is recommended for larger enterprises and organizations looking to protect their entire deployment that spans multiple virtual networks and includes many public IP addresses. It also offers value-added features like cost protection, DDoS Rapid Response, and discounts on Azure Web Application Firewall.

Let’s see a detailed comparison of these two SKUs:


Azure DDoS IP Protection pricing


With DDoS IP Protection SKU, you only pay for the public IP resources protected. The monthly cost is fixed for each public IP resource protected with no additional variable costs. Prices may vary by region. Billing for IP Protection will be effective starting on February 1, 2023.

Get Started


DDoS IP Protection is currently available in preview in select regions and can only be enabled on Public IP Standard SKU. DDoS IP Protection is currently only available in the Azure Preview Portal and will be made available on the Azure Portal soon.

Source: microsoft.com

Thursday, 20 October 2022

Visualize and monitor Azure & hybrid networks with Azure Network Watcher

There is a critical need for increased visibility and control over the operational state of complex networks running sophisticated workloads. Multi-cloud and hybrid network environments power new demands of remote work, 5G/Edge connectivity, microservices based workloads, and increased cloud adoption. The advent of the cloud has added agility, cost benefits, and brought along the need for management of the infrastructure. Management and monitoring of the network underlying these complex applications plays a key role in ensuring end-user satisfaction.

Azure Network Watcher provides an entire suite of tools to visualize, monitor, diagnose, and troubleshoot network issues across Azure and Hybrid cloud environments. Network Watcher enables customers to detect anomalies across Azure and hybrid networks with comprehensive wide coverage, through a guided and intuitive drilled-down experience. Network Watcher helps customers monitor, manage, and understand their own networks for performance, connectivity, security, and compliance issues and furthermore, empowers customers to troubleshoot efficiently with actionable insights and proactive alerting, thus effectively reducing the mean time to resolve network issues.


The following new feature enhancements across Network Watcher suite aim to provide timely and complete visibility and actionable insights to customers of their hybrid networks in a manner that is easily accessible, readily usable, and reliable.

Visualize resource and network health with Topology


Topology enables users to quickly acquire system context, comprehend state, and troubleshoot issues efficiently by visualizing the resources in a network. It offers a visually connected experience for monitoring and managing inventory.

This new topology experience in Azure, which replaces the Network Watcher topology, will enable customers to create a consistent and dynamic topology across multiple subscriptions, regions, and resource groups (RGs), comprising numerous resources.

Allowing deep dives into the customer’s environment, Topology lets users drill down from regions and VNETs to subnets, and on to the resource view diagram of resources supported in Azure.

Stitching the end-to-end monitoring and diagnostics story for all Network Monitoring needs, topology offers the capability to run Next Hop directly from a VM selected in the topology.

Significant features available with this preview: 

◉ Multi-region and multi-subscription–dynamic drill-down visualization.
◉ Health status of resources using resource health (RHC) status.
◉ Diagnostics tool Next Hop integration.
◉ Resource view diagram for all supported resources.

Monitor connectivity using Azure Monitor Agent with Connection Monitor


Integration of Azure Monitor Agent’s support consolidates multi-monitoring agents into a single connectivity monitoring agent in Azure Network Watcher’s Connection Monitor.

Connection Monitor, a multi-agent solution, monitors connectivity at regular intervals across Azure and Hybrid endpoints and provides aggregated data for packet loss, latency, and status codes over TCP, ICMP, and HTTP(s) pings.


Connection Monitor helps you troubleshoot network issues with faster alerts for lack of connectivity or reachability to the endpoints. The unified topology rendered provides a complete end-to-end visualization of the network path from source to destination, with actionable insights.

This agent integration enhancement addresses connectivity monitoring logs and metrics data collection needs across Azure and ARC-enabled on-premises machines, thus eliminating the overhead of management and enablement of multiple monitoring agents. Additionally, Azure Monitor Agent provides enhanced security and performance capabilities, effective cost savings, and ease of troubleshooting with simpler management of data collection. With this support, dependency on the soon-to-be-retired Log Analytics agent is eliminated, while increasing the coverage for on-premises machines with support for ARC-enabled endpoints.

Significant features available with preview:

◉ Connectivity monitoring support for ARC-enabled on-premises endpoints.
◉ Simpler management of monitoring extension.
◉ One agent for monitoring Azure and non-Azure endpoints.
◉ Enhanced security through Managed Identity and Azure Active Directory (Azure AD) tokens.

Source: microsoft.com

Tuesday, 18 October 2022

Cost optimization using Azure Migrate


The higher energy cost and the resulting increase in the cost of doing business have led to a tighter economic outlook for most businesses around the world. This, in turn, is a major contributing factor to customers becoming more cost-conscious, leading to an increased need for optimization features in products and services. Azure Migrate’s comprehensive suite includes many features to optimize cost, while catering to your performance needs to meet service level agreements (SLAs). Agentless discovery and mapping of your entire on-premises IT estate, software inventory analysis for assessment and planning, and right-sized migration using a single portal to start, run, and track your projects, are a few cost-effective features that also contribute to ease of use. Once in Azure, the path towards greater optimization and cost savings continues through modernization to platform as a service (PaaS) and software as a service (SaaS).

Customer requirements and benefits


The customer must stay competitive, both on the technical and business fronts, to ensure continued success. Technical competency requires an agile and innovative IT platform with data analytics to provide insights that can help differentiate from the competition. It would be ideal if such an innovative platform were available at a competitive cost. Incidentally, modernizing existing IT infrastructure, applications, and data-to-PaaS/SaaS models in the cloud delivers on all these requirements, leading to a higher return on investment (ROI) for the customer.

The higher efficiency and lower cost due to the adoption of modern cloud-native architectures also lead to greater levels of flexibility and reduced vendor lock-in, setting the stage for the customer to realize greater value as they progress from IaaS to PaaS and onto SaaS models.

Microsoft’s focus on cost optimization


During Microsoft Ignite, we are highlighting our continued commitment to cost optimization through support for SQL Server assessments, prior to migration and modernization using Azure Migrate. Customers can now perform unified, at-scale, agentless discovery and assessment of SQL Servers on Microsoft Hyper-V, bare-metal servers, and infrastructure as a service (IaaS) of other public clouds, such as AWS EC2, in addition to VMware environments. The capability will allow customers to analyze existing configurations, performance, and feature compatibility to help with right-sizing and estimating cost. It will also check on readiness and blockers for migrating to Azure SQL Managed instance, SQL Server on Azure virtual machine, and Azure SQL Database. All this information can also be presented in a single coherent report for easy consumption while reducing cost for customers.

Source: microsoft.com

Saturday, 15 October 2022

Ensure zone resilient outbound connectivity with NAT gateway

Our customers—across all industries—have a critical need for highly available and resilient cloud frameworks to ensure business continuity and adaptability of ever-growing workloads. One way that customers can achieve resilient and reliable infrastructures in Microsoft Azure (for outbound connectivity) is by setting up their deployments across availability zones in a region.

When customers need to connect outbound to the internet from their Azure infrastructures, Network Address Translation (NAT) gateway is the best way. NAT gateway is a zonal resource that is configured to subnets from the same virtual network, which means that it can be deployed to individual zones to allow outbound connectivity. Subnets and virtual networks, on the other hand, are regional constructs that are not restricted to individual zones. Subnets can contain virtual machine instances or scale sets spanning across multiple availability zones.

Even without being able to traverse multiple availability zones, NAT gateway still provides a highly resilient and reliable way to connect outbound to the internet. This is because it does not rely on any single compute instance like a virtual machine. Instead, NAT gateway leverages software-defined networking to operate as a fully managed and distributed service with built-in redundancy. This built-in redundancy means that customers are unlikely to experience individual NAT gateway resource outages or downtime in their Azure infrastructures.

To ensure that you have the optimal outbound configuration to meet your availability and security needs while also safeguarding against zonal outages, let’s look at how to create zone resilient setups in Azure with NAT gateway.

Zone resilient outbound connectivity scenarios with NAT gateway


Customer setup

Let's say you are a retailer who is preparing for an upcoming Black Friday event. You anticipate that traffic to your retail website will increase significantly on the day of the sale. You decide to deploy a virtual machine scale set (VMSS) so that your compute resources can automatically scale out to meet the increased traffic demands. Scalability is not the only requirement you have in preparation for this event; you also need resiliency and security. To ensure that you safeguard against potential zonal outages that could impact traffic flow, you decide to deploy these VMSS across multiple availability zones. In addition to using VMSS in multiple availability zones, you plan to use NAT gateway to handle all outbound traffic flow in a scalable, secure, and reliable manner.

How should you set up your NAT gateway with your VMSS across multiple availability zones? Let’s take a look at a few different configurations along with which setups will and won’t work.

Scenario 1: Set up a single zonal NAT gateway with your zone-spanning VMSS

First, you decide to deploy a single NAT gateway resource to availability zone 1 and your VMSS across all three availability zones within the same subnet. You then configure your NAT gateway to this single subnet and to a /28 public IP prefix, which provides you a contiguous set of 16 public IP addresses for connecting outbound. Does this setup safeguard you against potential zone outages? No.

Figure 1: A single zonal NAT gateway configured to a zone-spanning set of virtual machines does not provide optimal zone resiliency. NAT gateway is deployed out of zone 1 and configured to a subnet that contains a VMSS that spans across all three availability zones of the Azure region. If availability zone 1 goes down, outbound connectivity across all three zones will also go down.

Here’s why:

1. If the zone that goes down is also the zone in which NAT gateway has been deployed, then all outgoing traffic from virtual machines across all zones will be blocked.

2. If the zone that goes down is different from the zone that NAT gateway has been deployed in, then outgoing traffic from the other zones will still occur and only virtual machines from the zone that has gone down will be impacted.

Scenario 2: Attach multiple NAT gateways to a single subnet

Since the previous configuration will not provide the highest degree of resiliency, you decide you will instead deploy 3 NAT gateway resources, one in each availability zone, and attach them to the subnet that contains the VMSS. Will this setup work? Unfortunately, no.

Figure 2: Multiple NAT gateways cannot be attached to a single subnet by design.

Here’s why:

A subnet cannot have more than one NAT gateway attached to it and it is not possible to set up multiple NAT gateways on a single subnet. When NAT gateway is configured to a subnet, NAT gateway becomes the default next hop type for network traffic before reaching the internet. Consequently, virtual machines in a subnet will source NAT to the public IP address(es) of NAT gateway before egressing to the internet. If more than one NAT gateway were to be attached to the same subnet, the subnet would not know which NAT gateway to use to send outbound traffic.

Scenario 3: Deploy zonal NAT gateways with zonally configured VMSS for optimal zone resiliency

What is the optimal solution then for creating a secure, resilient, and scalable outbound setup? The solution is to deploy a VMSS in each availability zone, configure each to their own respective subnet and then attach each subnet to a zonal NAT gateway resource.

Figure 3: Zonal NAT gateways configured to individual subnets for zonal VMSS provide optimal zone resiliency for outbound connectivity.

Deploying zonal NAT gateways to match the zones of the VMSS provides the greatest protection against zonal outages. Should one of the availability zones go down, the other two zones will still be able to egress outbound traffic from the other two zonal NAT gateway resources.
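The three scenarios above can be checked mechanically. The following is an added example, not code from Microsoft or from the original post: it models subnets, VM zones and NAT gateway zones, then simulates an outage of each zone to list the VMs in healthy zones that lose outbound connectivity. All resource names are constructed, and the model assumes no fallback path once a NAT gateway is attached to a subnet.

```python
from dataclasses import dataclass, field
from typing import Optional

ZONES = ("1", "2", "3")  # availability zones of the region


@dataclass(frozen=True)
class NatGateway:
    name: str
    zone: Optional[str]  # None models the "no zone" default placement


@dataclass
class Subnet:
    name: str
    vm_zones: dict  # VM instance name -> availability zone (constructed data)
    nat_gateways: list = field(default_factory=list)


def attachment_errors(subnets):
    """Scenario 2 check: a subnet accepts at most one NAT gateway."""
    return [
        f"{s.name}: {len(s.nat_gateways)} NAT gateways attached, at most 1 is allowed"
        for s in subnets
        if len(s.nat_gateways) > 1
    ]


def collateral_loss(subnets, failed_zone):
    """VMs in healthy zones that lose outbound when failed_zone goes down.

    VMs inside the failed zone are down anyway, so they are not counted.
    Subnets without exactly one NAT gateway are outside this model.
    """
    lost = []
    for s in subnets:
        if len(s.nat_gateways) != 1:
            continue
        if s.nat_gateways[0].zone == failed_zone:
            lost.extend(vm for vm, zone in s.vm_zones.items() if zone != failed_zone)
    return sorted(lost)


def assess(subnets):
    """Return (rating, findings) using the ratings of the three scenarios."""
    errors = attachment_errors(subnets)
    if errors:
        return "not possible", errors
    unpinned = [
        f"{s.name}: {gw.name} has no zone, placement is not visible"
        for s in subnets
        for gw in s.nat_gateways
        if gw.zone is None
    ]
    if unpinned:
        return "unknown", unpinned
    findings = []
    for zone in ZONES:
        lost = collateral_loss(subnets, zone)
        if lost:
            findings.append(
                f"zone {zone} outage also cuts outbound for {', '.join(lost)}"
            )
    return ("not recommended", findings) if findings else ("optimal", [])


# Constructed topologies matching the three scenarios.
SPANNING_VMS = {"vmss_0": "1", "vmss_1": "2", "vmss_2": "3"}

SCENARIO_1 = [Subnet("subnet-a", dict(SPANNING_VMS), [NatGateway("natgw-z1", "1")])]

SCENARIO_2 = [
    Subnet(
        "subnet-a",
        dict(SPANNING_VMS),
        [NatGateway(f"natgw-z{z}", z) for z in ZONES],
    )
]

SCENARIO_3 = [
    Subnet(f"subnet-z{z}", {f"vmss-z{z}_0": z}, [NatGateway(f"natgw-z{z}", z)])
    for z in ZONES
]

if __name__ == "__main__":
    for label, topology in (
        ("Scenario 1", SCENARIO_1),
        ("Scenario 2", SCENARIO_2),
        ("Scenario 3", SCENARIO_3),
    ):
        rating, findings = assess(topology)
        print(f"{label}: {rating}")
        for finding in findings:
            print(f"  - {finding}")
```
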

Summary of zone resilient scenarios with NAT gateway


| Scenario | Description | Rating |
| --- | --- | --- |
| Scenario 1 | Set up a single zonal NAT gateway with your VMSS that spans across multiple availability zones but confined to a single subnet. | Not recommended: if the zone that NAT gateway is located in goes down then outbound connectivity for all VMs in the scale set goes down. |
| Scenario 2 | Attach multiple zonal NAT gateways to a subnet that contains zone-spanning virtual machines. | Not possible: multiple NAT gateways cannot be associated to a single subnet by design. |
| Scenario 3 | Deploy zonal NAT gateways to separate subnets with zonally configured VMSS. | Optimal configuration to provide zone resiliency and protect against outages. |

FAQ on NAT gateway and availability zones


1. What does it mean to have a "no zone" NAT gateway?

◉ "No zone" is the default availability zone selected when you deploy a NAT gateway resource. No zone means that Azure places the NAT gateway resource into a zone for you, but you do not have visibility into which zone it is specifically placed. It is recommended that you deploy your NAT gateway to specific zones so that you know in which zone your NAT gateway resource resides. Once NAT gateway is deployed, the availability zone designation cannot be changed.

2. If I have Load Balancer or instance-level public IPs (IL PIPs) on virtual machines and NAT gateway deployed in the same virtual network and NAT gateway or an availability zone goes down, will Azure fall back to using Load Balancer or IL PIPs for all outbound traffic?

◉ Azure will not failover to using Load Balancer or IL PIPs for handling outbound traffic when NAT gateway is configured to a subnet. After NAT gateway has been attached to a subnet, the user-defined route (UDR) at the source virtual machine will always direct virtual machine–initiated packets to the NAT gateway even if the NAT gateway goes down.
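
An added example (not from the original article or from Microsoft): a Python audit that places each subnet in the scenarios of the summary table and computes which surviving VMs keep outbound connectivity when one zone fails, applying the FAQ's point that there is no fallback to Load Balancer or instance-level public IPs. The resource names and the inventory are constructed, and the `no-nat-gateway` and `zone-mismatch` labels are assumptions that go beyond the three scenarios.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class NatGateway:
    name: str
    zone: Optional[str]  # "1", "2" or "3"; None models a "no zone" deployment


@dataclass(frozen=True)
class Subnet:
    name: str
    nat_gateways: Tuple[str, ...]  # NAT gateway names requested for the subnet
    vm_zones: FrozenSet[str]       # zones holding VMSS instances in the subnet


def classify(subnet: Subnet, gateways: Dict[str, NatGateway]) -> str:
    """Place one subnet in the scenarios of the summary table."""
    if len(subnet.nat_gateways) > 1:
        return "invalid"                  # Scenario 2: not possible by design
    if not subnet.nat_gateways:
        return "no-nat-gateway"           # assumption: outside the page's scenarios
    gateway = gateways[subnet.nat_gateways[0]]
    if gateway.zone is None:
        return "unknown-zone"             # FAQ 1: placement is not visible
    if subnet.vm_zones == frozenset({gateway.zone}):
        return "optimal"                  # Scenario 3: zones match
    if len(subnet.vm_zones) > 1:
        return "single-point-of-failure"  # Scenario 1: zone-spanning VMSS
    return "zone-mismatch"                # assumption: VMs and gateway in different zones


def egress_after_zone_failure(
    subnets: List[Subnet], gateways: Dict[str, NatGateway], failed_zone: str
) -> Dict[Tuple[str, str], str]:
    """Outbound state of the VMs that survive the loss of failed_zone.

    Keys are (subnet name, VM zone). Per FAQ 2 there is no fallback to Load
    Balancer or instance-level public IPs, so a lost gateway means "down".
    """
    state: Dict[Tuple[str, str], str] = {}
    for subnet in subnets:
        if len(subnet.nat_gateways) != 1:
            continue  # nothing to evaluate without exactly one gateway
        gateway = gateways[subnet.nat_gateways[0]]
        for zone in sorted(subnet.vm_zones):
            if zone == failed_zone:
                continue  # these VMs are lost with the zone itself
            if gateway.zone is None:
                state[(subnet.name, zone)] = "unknown"
            elif gateway.zone == failed_zone:
                state[(subnet.name, zone)] = "down"
            else:
                state[(subnet.name, zone)] = "up"
    return state


# Constructed inventory: every name below is a sample value.
GATEWAYS = {
    "natgw-z1": NatGateway("natgw-z1", "1"),
    "natgw-z2": NatGateway("natgw-z2", "2"),
    "natgw-z3": NatGateway("natgw-z3", "3"),
    "natgw-nozone": NatGateway("natgw-nozone", None),
}
ALL_ZONES = frozenset({"1", "2", "3"})
SCENARIO_1 = [Subnet("snet-shared", ("natgw-z1",), ALL_ZONES)]
SCENARIO_2 = [Subnet("snet-shared", ("natgw-z1", "natgw-z2"), ALL_ZONES)]
SCENARIO_3 = [
    Subnet("snet-z1", ("natgw-z1",), frozenset({"1"})),
    Subnet("snet-z2", ("natgw-z2",), frozenset({"2"})),
    Subnet("snet-z3", ("natgw-z3",), frozenset({"3"})),
]
NO_ZONE = [Subnet("snet-nozone", ("natgw-nozone",), ALL_ZONES)]

if __name__ == "__main__":
    for label, topology in [("Scenario 1", SCENARIO_1), ("Scenario 2", SCENARIO_2),
                            ("Scenario 3", SCENARIO_3), ("No zone", NO_ZONE)]:
        print(label, [classify(s, GATEWAYS) for s in topology])
        print("  zone 1 fails:", egress_after_zone_failure(topology, GATEWAYS, "1"))
```
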

Source: microsoft.com

Thursday, 13 October 2022

Modernize with Microsoft Cloud, the most complete developer platform


Developers are essential to the world we live in, and the work you do is critical to the success of organizations in every industry. Microsoft empowers innovators like you on your unique journey. With an end-to-end cloud platform, Microsoft Cloud lets you quickly and easily innovate and create a secure foundation for all your applications.

At Microsoft Ignite, we explore how to increase productivity and flexibility with Azure’s cloud-native solutions, how low-code app development enables you to iterate quickly and go to market faster, and how to access the most comprehensive set of tools for development at Microsoft. There’s so much we can learn from each other on this journey. Let’s dive into the key topics, announcements, and trends you’ll leave with after Microsoft Ignite.

Accelerate innovation with the most complete cloud developer platform


The Microsoft Cloud is a comprehensive platform that enables developers to build incredible solutions. At the core of the Microsoft Cloud is Azure, the underlying infrastructure that enables you to build anything you can imagine. Using Azure DevOps and Azure Kubernetes Service, Ernst and Young Global Limited (EY) has built more agile practices and shifted into a rolling product-delivery approach of software and services. They have been able to develop and deploy solutions faster and with more confidence across a wide range of environments.

We are committed to helping you do more with less. With the Microsoft Cloud toolbox filled with Visual Studio, Azure, GitHub, and Power Platform, you can build reliable, scalable, and high-performance cloud-native applications.

Surging demand for digital solutions and an increasing shortage of technical skills is forcing organizations to adapt their IT development strategies. By empowering everyone to contribute to development processes, IT can multiply technical capacity, accelerate development cost-effectively, and innovate with the business. Adopting the world’s most complete set of integrated low-code development tools means organizations can modernize operations at scale, differentiate services and experiences, and accelerate their journey to the cloud in a secure, governable, and cost-effective way.

During Microsoft Ignite, I’m excited to share some news and updates designed to address these needs and improve the overall developer and maker experience even further with our beloved tools and Microsoft Cloud platform—all designed to help you quickly code and ship from anywhere with confidence.

Increasing productivity and quality for hybrid development teams


Microsoft’s developer cloud is purpose-built to support teams through the entire software development lifecycle. Azure provides the cloud infrastructure that quickly builds a robust, resilient application that scales and is easy to maintain and operate.

I am happy to announce Azure Deployment Environments is available for preview.

◉ Microsoft Dev Box and Azure Deployment Environments pair together to give developers a complete cloud-powered workflow for any project that can be fully managed by IT admins.
◉ Dev Box offers developers high-performance, cloud-based workstations that help get you coding quickly.
◉ Azure Deployment Environments enables teams to spin up the infrastructure needed to run their project in the cloud quickly and on demand.
◉ Azure Load Testing helps teams test and meet scale and performance goals with confidence.

I am excited to announce the preview of GitHub Advanced Security for Azure DevOps.

◉ It brings GitHub’s industry-leading, developer-focused security tooling to Azure DevOps.
◉ GitHub streamlines our workflows and processes through better collaboration and automation.
◉ GitHub Advanced Security provides a native application security solution within our development workflow, enabling the management of open-source dependencies, custom code, and secrets across the software lifecycle.

Drive application innovation and modernization at scale with cloud-native architectures


Cloud-native apps can deliver new levels of scale and performance and provide even greater reliability. Using cloud-native design patterns helps achieve the agility, efficiency, and speed of innovation that organizations need to deliver value to end users. Azure Kubernetes Service enables developers to take full advantage of the Kubernetes ecosystem and scale cloud-native applications. For example, the Forza team utilized autoscaling Azure Kubernetes Service during the launch of Forza Horizon 5 to meet the challenging performance demand of 10 million concurrent players at launch—the biggest first week in Xbox Game Studios history.

The goal of using cloud-native technologies is to abstract the infrastructure from developers, freeing them to focus on building more cloud-optimized applications. Today, I’m proud to announce Azure Kubernetes Fleet Manager preview, which allows you to easily manage fleets of Kubernetes clusters, run multi-cluster workloads and services, and ensure consistent configuration, access, and governance across your Kubernetes environment.

How modernizing enterprise applications enables you to do more with less


Azure’s fully managed application platform service offerings such as Azure App Service and Azure Spring Cloud are uniquely differentiated for .NET and Java customers in that they enable customers to modernize applications with minimal code changes and increased developer velocity. With Azure application platform services, you offload the management of the underlying cloud infrastructure to Azure, which allows you and your developers to focus on app innovation rather than managing, configuring, securing, and updating the underlying infrastructure (because Azure does that for you). This helps streamline costs by modernizing your apps using readily available skills. Further, it generates trust and customer loyalty thanks to industry-leading platform security from Azure, which is built right into the platform. Easily integrate your internal and external stakeholders in the modernization journey and get maximum scale without having to worry about over-provisioning or under-provisioning resources. With Azure App Service and other Azure application platform services, you can innovate more and build more value for your business.

One example of a customer taking advantage of Azure’s managed services and serverless compute options is COFCO International, China’s largest food and agricultural business corporation. COFCO International utilized Azure Logic Apps and Azure Functions to create new solutions for application integration, data aggregation and reporting, and data governance, which has enabled them to make decisions faster and provide better visibility with improved analytics capabilities.

Streamline low-code governance in your organization


With Power Platform, Microsoft provides a central low-code platform that allows makers to enjoy shared components and common building blocks, allowing organizations to bring low-code assets into a central framework and give IT the visibility to govern centrally at scale. Power Platform runs on top of Azure and benefits from the strengths of Azure’s security, advanced management capabilities, and rich set of industry-specific certifications.

Power Platform enables IT to gain visibility and control over applications at scale with Managed Environments, now generally available. Managed Environments is a brand-new capability to streamline and simplify governance at scale. It gives you more control with sharing limits, security and reliability validations, and the ability to customize the maker onboarding experience.

Power Pages: low-code web development


Power Pages is now generally available. Power Pages is an enterprise-grade connectivity platform for organizations to build and launch external self-service websites. The Power Pages platform allows them to connect with their customers, partners, and communities and share business data, collaborate, and automate business processes with them at scale and securely. Learn more about building secure business websites.

Low-code is a critical tool for skilling today’s workforce


Power Platform has empowered millions of people to do more with less and build mission-critical apps for their businesses. Now with the new Power Up program, people without development backgrounds can transform their careers through a guided training program and community. The Power Up upskilling program provides training, offers certification, and recognizes people who excel.

There are so many new and exciting capabilities to experience and dive into at Microsoft Ignite. You can learn more about these announcements and how Microsoft is committed to delivering the best development experience at the session Accelerate innovation with the world's most complete cloud developer platform. Join us throughout the entire event for breakout sessions, demos, opportunities to connect with experts, learning experiences, and much more.

Source: microsoft.com

Tuesday, 11 October 2022

New Azure for Operators solution accelerator offers a fast path to network insights

5G marks an inflection point for operators. The disaggregation of software and hardware in 5G enables operators to move telecommunication workloads to public or hybrid public/private cloud infrastructures, giving them unprecedented agility and flexibility to deliver exceptional customer experiences and realize cost efficiencies. However, the full benefit of running large-scale telecommunication services in the cloud can only be achieved if cloud adoption is accompanied by a comprehensive approach to network analysis and automation supported by cloud-based big data and AI.

Today, Azure for Operators is introducing a network analytics solution accelerator program, providing a standardized approach to data acquisition and visualization that aids operators on their journey toward complete end-to-end AI Operations (AIOps). The solution employs the same operational techniques and capabilities that Microsoft uses to manage Azure, packaged specifically for operator analytics. Our network analytics solution comprises existing Azure services combined with unique capabilities developed specifically for communications service providers, which allows network planners and engineers to visualize performance and troubleshoot service anomalies.

Disaggregated cloud native 5G networks add many new individual elements that must interwork effortlessly. These increasing interdependencies mean management and analytics tools can no longer run in relative isolation. Successfully deploying and managing end-to-end services in such environments requires the ability to analyze network and host platform data simultaneously from numerous sources. Only then can operators reactively and proactively diagnose issues, while ensuring operational costs are kept in check and that customers are always presented with the best user experiences.

With the scale and complexity of such services, network management needs to operate autonomously in a closed loop manner—taking operational insights on the health of network elements and the underlying distributed cloud infrastructure and ensuring a service is configured optimally.

At Microsoft, we understand this journey because Azure went through a similar evolution. In the early days, we recognized the challenges of troubleshooting across disparate services. To solve this, we established a common data analytics infrastructure that gave us a comprehensive view of how our services performed, which resulted in lower engineering overheads and better service quality.

Control starts with network insights


Large operators generate petabytes of data every day—complicating the challenges associated with quickly ingesting, cost-effectively storing, and concisely analyzing the information to gain meaningful insights. Public clouds are ideal for solving these problems because they simplify the ability to aggregate and analyze data, thereby allowing operators to rapidly identify and act on any irregularities or opportunities. Azure excels in this area with a portfolio of trusted storage, machine learning, business intelligence, and automation tools.

Azure Data Lake Storage, for example, can capture and store a wealth of disparate log data generated by communications services. Data lakes are more adept than classic data warehouses at handling the sheer velocity, volume, and variety of information operators will need to store. Lakehouses, such as those enabled using Azure Databricks, provide a mediation layer to enforce data quality and consistency.

Once ingested, Azure has several standardized services for aggregating and analyzing otherwise distinct data streams such as logs, traces, telemetry information, and alerts, from inherently different platforms, network functions, and devices. Azure Data Explorer (ADX) rapidly ingests and analyzes petabytes of unstructured, structured, and semi-structured data formats. Similarly, Power BI provides real-time analytical intelligence through a combination of dynamic visualizations and AI-driven insights.

Azure network analytics empowers operations teams to accelerate root cause analysis, enables capacity planners to understand where to deploy new resources, and allows engineers to improve customer experiences by enhancing network performance and quality of service. Our analytics offerings can also assist business teams in tuning marketing strategies toward reducing customer churn and increasing monetization opportunities.


Naturally, with large companies and many users handling enormous amounts of potentially sensitive information, we must guarantee the governance, integrity, and security of this data, providing role-based access while ensuring relevant compliance standards and policies are followed. Microsoft’s Purview provides a fully managed and centralized unified data governance service that delivers the tools such organizations demand. Purview can even prevent the duplication of analytics dashboards, providing a quick and easy way to search for existing interfaces that meet their immediate needs.

Intent-based management and closing the loop


A critical step towards a fully automated network is the ability to identify anomalies and predict issues before they become catastrophic failures. Existing rules-based systems rely on heuristic approaches that will struggle to scale to the quantity and complexity of data they must ingest to pinpoint potential problems within modern network infrastructures. Instead, big data and machine learning–driven inferencing approaches are needed to predict problems hidden within terabytes of disparate logs, error messages, and security alerts with lower severity levels.

Closing the loop from detection to resolution requires a comprehensive vendor and platform-agnostic approach to provisioning standalone network functions and end-to-end services. This evolves to solutions working at the application layer that make choices about how and where to instantiate elements that enable a complete end-to-end service. Such solutions operate across multiple access, edge, core compute, and cloud platforms and are responsible for assigning appropriate resources and tuning configurations within each component to meet the requirements of the service. Underpinning this are multi-cloud and edge lifecycle management systems such as Azure Arc, which provides ongoing governance and management of virtual machines, Kubernetes clusters, and databases.


Ultimately, the goal is that the network operates autonomously based on a loose set of expected outcomes rather than explicit rules defining how to react to specific requests or conditions. Such intent-based management systems will require the application of artificial neural networks which employ deep learning on the vast amounts of real-time data streams that will enable them to train themselves to carry out tasks and perform actions.

There are many scenarios where our network analytics capabilities are needed today. Operators can use the solution to proactively analyze the quality of service in mobile and fixed voice networks, detect issues, prevent outages, and gain insight into infrastructure utilization for capacity planning. The network analytics solution also monitors mobile core performance, looking for underlying platform issues and reporting poor quality of service to accelerate root cause analysis. Furthermore, the solution performs deep packet analysis of end-to-end services, which accelerates deployments and reduces the mean time to repair.

Partner with Microsoft on the AIOps journey


The network management and automation journey can look daunting, but with our network analytics solution accelerator program we offer operators an easier path. With the right technology and the flexibility to handle data from many systems, operators can adopt automation incrementally and at their own pace, meeting business objectives along the way. Azure network analytics allows operations teams to build trust in big data and AI and provides the foundation for closed loop automation.

As part of the Azure for Operators program, Microsoft is making it easy to start discovering the power of Azure’s network analytics offerings. Our solution accelerator enables service providers and systems integrators to take advantage of the Azure tools and services available today as they evolve their longer-term AIOps analytics strategies. Our experts are on hand to guide you through the process of importing, analyzing, and visualizing the massive amounts of data produced by the networks you maintain. Plus, we have resources available to help solve any network issues you are experiencing today or simply understand how your infrastructure is performing.

Source: microsoft.com

Saturday, 8 October 2022

Scalable management of virtualized RAN with Kubernetes

Among the many important reasons why telecommunication companies should be attracted to Microsoft Azure are our network and system management tools. Azure has invested many intellectual and engineering cycles in the development of a sophisticated, robust framework that manages millions of servers and several hundred thousand network elements distributed in over one hundred and forty countries around the world. We have built tools and expertise to maintain these systems, use AI to predict problem areas and solve them before they become issues, and provide transparency in the performance and efficiency of a very large and complicated system.

At Microsoft, we believe these tools and expertise can be repurposed to manage and optimize telecommunication infrastructure as well. This is because the evolving infrastructure for telecommunication operators includes elements of edge and cloud computing that lend themselves well to global management. In this article, I will describe some of the more interesting technologies that fit into the management of a cloud-based telecommunications infrastructure.

Up and running in just a few clicks


If you want to set up a 5G cellular site, there are a few key requirements. After gathering and interconnecting your hardware (servers, network switches, cables, power supplies, and other components), you then plug in your edge server machines to power and networking outlets. Each machine will be accessible via a standards-based board management controller (BMC) that usually runs a lightweight operating system, Linux, for example, to remotely manage the machine via the network.

When powered up, the BMC will obtain an IP address, most likely from a networked DHCP server. Next, an Azure VPN Gateway will be instantiated—this is a Microsoft Azure-managed service that is deployed into an Azure Virtual Network (VNet), and provides the endpoint for VPN connectivity for point-to-site VPNs, site-to-site VPNs, and Azure ExpressRoute. This gateway is the connection point into Azure from either the on-premises network (site-to-site) or the client machine (point-to-site). Using private VNet peering allows Azure to talk to the BMC on each machine.

Once this is working, the network operator can enable scripts that talk to the BMC via Azure to run automatically and can install the basic input/output system (BIOS) and proper software operating system (OS) images on the machine. Once these edge machines have an OS, a Kubernetes (K8s) cluster can be created, encompassing multiple machines by using tools such as Kubeadm. The K8s cluster is connected to Microsoft Azure Arc so that workloads can be scheduled onto the cluster using Azure APIs.

Management via Azure Arc


Microsoft Azure Arc is a set of technologies that extend Azure management to any infrastructure, enabling the deployment of Azure data services anywhere. Specifically, Azure management can be extended to Linux and Windows physical and virtual servers, and to K8s clusters so Azure data services can run on any K8s infrastructure. In this way, Azure Arc provides a unified management experience across the entire telecommunications infrastructure estate, whether it’s on-premises, in a public cloud, or in multiple public clouds.

This creates a single pane view and automation control plane of its heterogeneous environments, as well as the ability to govern and manage all these resources in a consistent way. Microsoft Azure portal, role-based access control, resource groups, search, and services like Azure Monitor and Microsoft Sentinel are also enabled. Security for next-generation networks, like the ones telecommunications operators are lighting up, is a topic I recently wrote about.

For developers, this unified framework delivers the freedom to use the tools they are familiar with while focusing more on the business logic in their applications. Microsoft Arc along with other existing and new Microsoft technologies and services forms the basis of our Azure Operator Distributed Services which will bring a carrier-grade hybrid cloud service to the market.

However, running radio access network (RAN) functions on a vanilla Arc-connected Kubernetes cluster is difficult. It requires manual and vendor-specific tuning, resource management, and monitoring capabilities, making it difficult to deploy across servers with different specs and to scale as more virtual RAN (vRAN) deployments come up. Therefore, in addition to Microsoft Azure Arc and Azure Operator Distributed Services, we have developed the Kubernetes for Operator RAN (KfOR) framework, which provides extensions that are installed on top of vanilla K8s clusters to specifically enhance the deployment, management, and monitoring of RAN workloads on the cluster. These are the essential components necessary for lighting up the automatic management and self-healing properties of next-generation telecommunication cloud networks, creating an edge platform that turns the vRAN into yet another cloud-managed application.

Kubernetes for Operator RAN (KfOR) extensions for virtualized RAN


To optimally utilize edge server resources and provide reliability, telecommunication RAN network functions (NFs) typically run in containers within a server cluster, utilizing K8s for container orchestration. Although Kubernetes allows us to take advantage of a rich ecosystem of components, there are several challenges related to running high service-level agreements, high-performance, and latency-sensitive RAN NFs in edge datacenters.

For example, RAN NFs run close to the cell tower in the far-edge, which in many cases is owned by the telecommunications operator. Performance requirements for high availability, high performance, and low latency needed by vRAN necessitate the use of single root I/O virtualization (SR-IOV) working with a data plane development kit (DPDK), programmable switches, accelerators, and custom workload lifecycle controllers. This is well beyond what standard K8s offers.

To address these challenges, we have developed KfOR, which patches this hole and enables end-to-end deployment, RAN management, monitoring, and analytics experience through Azure.


The figure shows how the various components of Azure and Kubernetes (blue) and those developed by the Azure for Operators team (green) fit together. Specifically, it shows the use of an Azure Resource Provider (RP) and an Azure Managed App, which allows the spin-up of a Management Azure Kubernetes Service (AKS) cluster on Azure. This control-plane management cluster can then utilize open source and in-house developed components to deploy and manage the edge cluster (the Azure Arc–enabled Kubernetes workload cluster).

The control plane manages both the provisioning of the bare-metal nodes on the workload cluster, as well as the Kubernetes components running on these nodes. Within the workload cluster, KfOR provides custom Kubernetes extensions to simplify the development, deployment, management, and monitoring of multi-vendor NFs. KfOR utilizes extension points available in Kubernetes such as custom controllers, DaemonSets, mutating webhooks, and custom runtime hooks. Here are some examples of its capabilities:

◉ Container suspension capability. KfOR can create pods that have containers that start in a suspended state but can be automatically activated in the future. This capability can be used for creating "warm standbys," which means these pods can immediately replace active pods that unfortunately fail, reducing downtime from several seconds to under one. In addition, this feature can also be used to ensure that pods launch in a predetermined order by specifying pod dependencies. vRAN workloads have some pods that require another pod to have reached a particular state prior to launching.

◉ Advanced Kubernetes networking stack. KfOR provides an advanced networking library using DPDK and a method to auto-inject this library into any pod using a sidecar container. KfOR also provides a mechanism to autoload this library ahead of the standard sockets library. This allows for code written using standard User Datagram Protocol sockets to achieve microsecond latency using DPDK underneath, without modifying a single line of code.

◉ Cloud-native user-space eBPF codelets. Extended Berkeley packet filter (eBPF) is used to extend the capabilities of the kernel safely and efficiently without requiring changing the kernel source code or loading kernel modules. KfOR provides a mechanism to submit user-space eBPF codelets to the K8s cluster, as well as a method for insertion of these codelets by using K8s pod annotations. The codelets attach dynamically to hook points in running code in the network functions and can be used for monitoring and analytics.

◉ Advanced scheduling and management of cluster resources. KfOR provides a K8s device plugin that allows for the scheduling and usage of isolated CPU cores as a resource separate from standard CPU cores. This enables RAN workloads to run on a K8s cluster with no manual configuration, such as pinning threads to predefined cores. KfOR also provides a custom runtime hook to isolate resources so containers cannot use CPUs, network interface controllers, or accelerators that have not been assigned to them.

With these capabilities, we have accomplished one-click deployment of RAN workloads as well as real-time workload migration and defragmentation. As a result, KfOR is able to shut off unused nodes to save energy. KfOR is also able to properly configure programmable switches that are used to route traffic from one server to the next. Furthermore, with KfOR, we can deliver fine-grain RAN analytics, which will be discussed in a future blog.

KfOR goes beyond simple automation. It turns the far-edge into a true platform that treats the vRAN as yet another app that you can install, uninstall, and swap easily with a simple click of a button. It provides APIs and abstractions that allow vRAN vendors to fine-tune their functions for real-time performance without needing to know the details of the bare metal. This is in contrast to existing vRAN solutions that even though virtualized, still treat the vRAN as an appliance, which needs to be manually tuned and is not easily portable across servers with even slightly different configurations.

Deployment of KfOR extensions is completed by using the management cluster to launch the add-ons on the workload cluster. KfOR capabilities can be used by any K8s deployment by simply adding annotations to the workload manifest.

Robust stress-free RAN management


What I have described here is how the full power of preexisting cloud management tools along with the new KfOR technology can be put together to manage, monitor, automate, and orchestrate the near-edge and far-edge machines and software deployed within the emerging telecommunications infrastructure. Once the hardware and network are available, these capabilities can light up a cell site impressively quickly, without any pain, and without requiring deep expertise. KfOR, developed specifically for virtual RAN management, has significant built-in value for our customers. It enables Azure to plug in artificial intelligence for sophisticated automation along with tried-and-true technologies needed for self-managing and self-healing networks. Overall, it creates a differentiation of our offering in the telecommunications and enterprise markets.

Source: microsoft.com

Thursday, 6 October 2022

Azure Firewall Basic now in preview

Organizations are experiencing an increase in both the volume and sophistication of cyberattacks with the acceleration of digital transformation and the increase in hybrid work. While organizations of all sizes face similar security risks, cybersecurity is rapidly becoming a top concern for small and medium businesses (SMBs) with the shift to remote work and new digital business models. SMBs are particularly vulnerable as they are faced with budget constraints and gaps in specialized security skills. In a recent research study, over 60 percent of small businesses experienced a cyberattack and were left unable to operate.

Microsoft is constantly innovating to help secure customers’ digital assets in an evolving threat landscape and help SMB customers with their cloud adoption journey. Today, we are excited to announce the preview of Azure Firewall Basic.

Azure Firewall Basic is a new SKU of Azure Firewall designed to meet the needs of SMBs by providing enterprise-grade protection of their cloud environment at an affordable price point. It is a cloud-native, highly available, stateful firewall as a service offering that enables customers to centrally govern and log all of their traffic flows with essential capabilities at scale.

Cost-effective, enterprise-grade security built for SMBs


Azure Firewall Basic includes Layer 3–Layer 7 filtering and alerts on malicious traffic with built-in threat intelligence from Microsoft Threat Intelligence. Through tight integration with other Azure services, such as Azure Monitor, Azure Event Hubs, Microsoft Sentinel, and Microsoft Defender for Cloud, you can gain more visibility into your environment and identify and respond to threats more quickly.

Key features of Azure Firewall Basic


Comprehensive, cloud-native network firewall security.

◉ Network and application traffic filtering.
◉ Threat intelligence to alert on malicious traffic.
◉ Built-in high availability.
◉ Seamless integration with other Azure services.

Simple setup and easy to use.

◉ Set up in just a few minutes.
◉ Automate deployment (deploy as code).
◉ Zero maintenance with automatic updates.
◉ Central management via Azure Firewall Manager.

Cost-effective.

◉ Designed to deliver essential, cost-effective Firewall protection for your resources within your virtual network.


Choosing the right Azure Firewall SKU to meet your needs


Azure Firewall now supports three different SKUs to cater to a wide range of customer use cases and preferences.

◉ Azure Firewall Premium is recommended to secure highly sensitive applications (such as payment processing). It supports advanced threat protection capabilities like malware and TLS inspection.

◉ Azure Firewall Standard is recommended for customers who are looking for a Layer 3–Layer 7 firewall and need auto-scaling to handle peak traffic periods of up to 30 Gbps. It supports enterprise features like threat intelligence, DNS proxy, custom DNS, and web categories.

◉ Azure Firewall Basic is recommended for SMB customers with throughput needs of less than 250 Mbps.

Let’s take a closer look at the features across the three Azure Firewall SKUs.


Azure Firewall Basic pricing


Similar to the Standard and Premium SKUs, Azure Firewall Basic pricing includes both deployment and data processing charges.

Source: microsoft.com