Azure in-depth series: Azure updates 9 August 2021

Cobweb Team
Categories: Azure

Jonathan Harris, Cobweb Solutions Architect, writes …

I’m summarising this week’s Azure updates as follows ….

App Gateway Web Application Firewall (WAF) updates
  • The Application Gateway is a layer 7 load balancing solution, HTTPS, HTTP and HTTP/2.  It is an Azure regional solution, that can provide either an internal or external endpoint. The Web Application Firewall (WAF) is added to the App Gateway to provide protection.
  • The WAF updates are:
Azure Key Vault Managed Hardware Security Module (HSM) Private Link – Now Generally Available (GA)
  • Azure Key Vault is used to store keys, secrets and certificates. The HSM is a highly available, single-tenant, standards compliant cloud service which allows users to protect cryptographic keys using FIPS 140-2 level 3 validated HSMs.
  • Private link is now available for HSM. Private link allows users to connect securely to a service over Microsoft’s backbone network, removing the exposure from the public Internet.
  • You can find more information at What is Azure Key Vault Managed HSM? And What is Azure Private Link?
Azure Backup archive tier support for SQL in VMs
  • Storage tiers (Hot, Cool, Archive) are used to optimally price storage depending on the retention time required. For example, if data needs to be kept for a long time and not accessed, it is cheaper to move this into Archive storage.
  • This tiering system is now available for SQL backups for SQL running on VMs.
  • The archive tiering applies to backups older than 90 days, and which are to be retained for at least 180 days.
  • SQL Backups will have two backup tiers. Backups will initially go into a Vault-Standard and then a Vault-Archive tier.
  • Azure will make recommendations on the Recovery Points that can be moved into the archive tier.
  • For more information see General availability: Azure Backup now supports Archive Tier for backups of SQL Server in Azure VMs.
Azure Database for MySQL/PostgreSQL Flexible offering updates
  • High Availability (HA) for MySQL using Azure Zones (preview). When enabling HA, the second copy of the database can be located in the same region in a different zone. This reduces any replication lag.
  • Private DNS integration is available (preview). The Azure databases will create a DNS record in the Azure DNS zone, this can be used by Azure VNET resources to resolve names to an IP address.
  • Reserved Instance pricing (preview). This reduces the monthly price by committing to a period of time.
Azure SQL Managed Instance (MI) backup storage redundancy choice
  • For Azure SQL Managed Instance you can now choose the destination location of the Azure backup replication. This can be changed to the same region but in a different zone, if a region supports multiple zones.
  • For more information, go to, Configuring-backup-storage-redundancy-in-azure-sql.
Azure Migrate for VMware VM changes
Windows 365
  • Windows 365 / Cloud PC is now generally available.
  • Two SKUs are available, Business (for up to 300 users) and Enterprise (for 300+ users).
  • These are personal not pooled desktops.
  • Businesses need Enterprise if they want Azure AD connectivity.
  • More information about Windows 365 can be found at Getting Started with Windows 365 and Windows 365 FAQs.

Call us (0333 009 5941) or email and I – or any of the Cobweb team – will be happy to talk through any questions you have about any of the above.