Key Take Aways from Microsoft Inspire 2022

July 22 2022, by Pauline Thomas | Category: Cloud Services

Microsoft shared their vision and roadmap with their partners at Inspire 2022 conference. As an Azure Expert MSP partner, the Macquarie Cloud Services team followed announcements keenly and each team member provided their unique perspective,  shaped by their experience, expertise and passion.

Hear from the team.

Naran McClung, Head of Azure Practice is planning how we can take the Azure Migration and Modernization Program to customersRicher incentives on more solutions, including for must-win Windows Server and SQL Server migrations, will make customers very happy, as funding is available for cloud-native innovation, app and data estates modernisation, and infrastructure and mission critical workloads migration and modernisation.

Shaun Domingo, our CTO, is talking about how he can configure load testing to pass if the ’99th percentile response time should be less than 10 seconds’, set Calico Network Policies for AKS on Windows and Linux nodes, and deploy the new Icelake Gen Intel® Xeon Scalable processor on SQL managed instances with faster compute and memory performance, and improved IO and network experience.

Raymond Phoon, our IaaS Senior Azure architect, has already upgraded his battle tested Azure Function Apps with PowerShell 7.2 to ensure it continues to run at scale.  His pick was:

  • Virtual Machine Restore Points has added one more data protection tool into our kit bag. Azure Site Recovery is typically used in a region wide failure situation, whereas, restore points can define RPO and RTO on a more granular setting per VM. Restore points are incremental VM disk snapshots where the first snapshot would be a full backup and subsequent snapshots would only be the increments. Restore points are application or crash consistent. Max RPO is 3 hours.
  • Premium SSD V2 data disks have a baseline performance of 3,000 IOPS and 125 MB/s for any disk size that is offered at no additional cost. Storage capacity can range from a minimum of 1 GiB to a maximum of 64 TiBs with GiB increments.
  • The new Update Management Center plays well into the hybrid cloud management use case where customers manage Azure and on-premise virtual machines with automatic VM guest patching in Azure, hotpatching or custom maintenance schedules.

Stephen Rozanc, our PaaS architect, loved that:

  • with Same-Zone HA for Postgres Flexible, he could alleviate any replication lag concerns (impacting DB performance) as replication runs as sync. Inter-AZ latency between AZs in Australia East is usually 1.5-3ms. Intra-AZ latency should be around 0-1.5ms, or roughly twice as quick.
  • with Azure Database for MySQL – Flexible Server – On demand backups, he could reduce risk when schema changes are performed to the DB, or when drastically changing how the application interacts with the DB.

As a Product Manager, I was glad to see the growth in the confidential computing portfolio, which was introduced last year. Azure has always had encryption of data in flight (TLS/VPN) and data at rest (encrypted storage). Now, protection of data in use (by performing computation in a hardware based Trusted Execution Environment) is generally available. In a nutshell, confidential computing now has more solutions if you were worried about:

  • Ensuring Microsoft can’t access data that isn’t encrypted
  • Preventing security threats from privileged admins inside your company
  • Preventing third-parties from accessing sensitive customer data.
  • Processing data from multiple sources without exposing the input data to other parties.

The concept of a trust ladder explains the different levels of trust you place in each option in the portfolio.

    • On the bottom rung of the trust ladder, Trusted Launch virtual machines are available to Generation 2 virtual machines at no extra cost. We recommend this as a baseline, as the ease of configuration, wide range of choices, and the secure boot, virtual trusted platform module, and boot integrity monitoring that protects against boot kits, rootkits, and kernel-level malware is a no-brainer.
    • On the top rung of the trust ladder is the Intel SGX-enabled Virtual Machines DCsv2/3 application enclave. Choosing this could mean your application may need code changes, but it then means you are only trusting the app code and the chip, not even the VM administrator. The DCsv3 family is available in Australia. at a higher price tag than VMs of similar configuration and iops. However, the security posture for banking, healthcare, and public sector companies may mandate portions of code and data to be shielded inside the enclave.
    • The newly GA hardware enclave middle rung of the trust ladder protects against operator access. The DCasv5/ECasv5 confidential VMs use 3rd Gen AMD EPYC processors with Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) security features that hardens the guest by denying the hypervisor and other host management code access to VM memory and state. With no code changes! As of now, only Ubuntu 20.04 LTS, Windows Server 2019, and Windows Server 2022 are supported. Though it is not yet available in Australia, indications are that pricing is similar to other families with close specifications, at least in East US, and going forward, encrypted OS disk is expected to incur higher costs.
    • Many more rungs on the trust ladder are available, with Enclave aware containers running on Azure Kubernetes Service (AKS), Always Encrypted with secure enclaves in Azure SQLAzure Key Vault Managed HSM, etc.

About the author.

As the Product Lead for Azure and Hybrid Cloud Solutions, Pauline has achieved business goals through data driven decision making, market led products, collaboration with key stakeholders, interdepartmental groups, and partners , while streamlining processes and systems work flow. With years of experience in private and public cloud. Pauline believes in harnessing technology to provide true customer outcomes.

See all articles by this author

Get in touch.

1800 004 943 +61 2 8221 7003

Enquiry Sent.

Thank you for contacting us. Our specialists will get in touch with you shortly.

From the Blog

Cloud Reset – The Podcast | Episode 4:...

Show Resources: Here are the resources we covered in the episode: Follow Jono Staff on LinkedIn Follow Naran McClung on LinkedIn Cloud Reset...

Read More

Planning for the cyber inevitable: 8 bus...

When it comes to cyber threats, it’s not a question of if; it’s a question of when. With risks rising and regulations shifting, CFOs are...

Read More

Cloud Reset – The Podcast | Episode 3:...

Show Resources: Here are the resources we covered in the episode: ADAPT’s 2024 Cloud & Infrastructure Edge insights for Australian tec...

Read More