Azure in-depth series: Azure updates 12 July 2021

Cobweb Team
Categories: Azure
Tags: Azure

Jonathan Harris, Cobweb Solutions Architect, writes …

This blog contains the Azure infrastructure updates for the week beginning 12 July 2021:

VMs with disk performance bursting capability is now Generally Available (GA).
  • Ds_v4, Das_v4, Dds_v4
  • Es_v4, Eas_v4, Eds_v4
  • Fs_v2 and B series

Disk performance is included for free with these VM types. If a VM is operating below the allocated disk performance (Input Output Operations – IOPS) the VM starts to build credit. If extra IOPS are required, then the disk performance will burst above the regular performance threshold. You can find more information on the Microsoft Docs site – Managed disc bursting.

ASE v3 is now GA

An Application Service Environment (ASE) provides isolated and dedicated environment for running App Services (Windows and Linux Web apps, Docker containers and functions) at high scale. It has no shared components. It is deployed into a subnet in a VNet. It is consumed using the isolated v2 App Service plans. Isolated v2 plan removes the charge per hour for the stamp fee, which is applicable in the original Isolated plan. Isolated_v2 plan also introduces one- and three-year Reserved Instances.

For more information, visit the Microsoft Docs site – App Service Environment overview.

App Gateway WAF CRS v3.2 is in preview

For the Application Gateway Web Application Firewall (WAF) there is a new Common Rule Set (CRS) version 3.2 in preview. This includes improvements with performance and protection against vulnerabilities for Web Apps.

Azure Lighthouse PIM support

Privileged Identity Management (PIM) can now be used to access customer environments (shared with the provider). The provider can request to elevate their permissions on the customer’s environment. The provider will need the Azure AD P2 licence, not the customer.

App Service Key Vault reference update

This change allows secrets that would have been previously stored in an environment variable to be stored in Azure key vault instead of within the App. This now works for Windows and Linux applications, and can be a System or User assigned managed identity.

For more information

If you’d like more information about any of the updates summarised above, get in touch with the Cobweb team (0333 009 5941 / hello@cobweb.com) – and I’ll be happy to jump on a call.