Hello folks,
This week Amy Colyer (@wyrdgirl) and I team up again to bring you the news from Azure that the IT/Ops audience cares about. (Or not… let me know in the comments).
We will cover the Azure Compute Gallery support for trusted launch Virtual Machines, the Azure Arc-enabled servers support for private endpoints, the Virtual Network NAT health checks, and how you can manage Red Hat workloads seamlessly on Azure.
here we go! … Join us online on YouTube? (Live at 10 am eastern time zone) or catch the replay below.
Azure Compute Gallery support for trusted launch Virtual Machines
Trusted launch virtual machines protect against advanced and persistent attack techniques such as malware-based rootkits and boot kits among others. It uses multiple infrastructure technologies that can be enabled independently.
- Secure boot
- vTPM
- Virtualization-based security
- Azure Defender for Cloud integration
- Microsoft Defender for Cloud integration
Each technology provides another layer of defense against sophisticated threats. This is not new. What IS new is the fact that you can now use the Azure Compute Gallery to create and share those images of trusted launch VMs.
You can leverage the Gallery from the portal, from PowerShell, or Azure CLI to fit your needs. There are some prerequisites so make sure to check out the documentation.
Azure Arc-enabled servers support for private endpoints
We’ve been talking about Azure Arc a lot lately, mostly because it’s such a powerful way to improve the management of your workloads wherever they may be. Therefore, really embracing the “Hybrid” model.
Now, Private endpoints for Azure Arc-enabled servers enable you to manage your servers from Azure without sending network traffic over the public internet. This is huge for environments that need that extra security.
Servers can be configured to use a private endpoint by associating them with an Azure Arc Private Link Scope and connecting your on-premises network to an Azure virtual network using a site-to-site VPN or Express Route.
You will experience many benefits from using this.
- Connect privately to Azure Arc without opening any public network access.
- Ensure data from the Azure Arc-enabled machine or server is only accessed through authorized private networks. This also includes data from VM extensions installed on the machine or server that provide post-deployment management and monitoring support.
- Prevent data exfiltration from your private networks by defining specific Azure Arc-enabled servers and other Azure services resources, such as Azure Monitor, that connect through your private endpoint.
- Securely connect your private on-premises network to Azure Arc using ExpressRoute and Private Link.
- Keep all traffic inside the Microsoft Azure backbone network.
Please review the documentation and make your connection secure.
Virtual Network NAT health checks available via Resource Health
Azure offers a suite of experiences to keep you informed about the health of your cloud resources. This information includes current and upcoming issues such as service impacting events, planned maintenance, and other changes that may affect your availability.
Azure Service Health is a combination of three separate smaller services.
With Virtual Network NAT, you can simplify your outbound connectivity for virtual networks without worrying about the risk of connectivity failures from port exhaustion or your internet routing configurations. And, now you can monitor, diagnose and/or troubleshoot outbound connectivity issues from your NAT gateway right in the Azure Resource Health
Manage Red Hat workloads seamlessly on Azure
On May 10th, at the Red Hat Summit, we announced multiple enhancements to our Red Hat on Azure offerings to help you accelerate your digital transformation with the power of the cloud. This includes the broad availability of our Red Hat Ansible Automation Platform on Azure and Red Hat Open Shift Support for Azure Arc-enabled SQL Managed Instance.
MS Learn Module of the Week
We mentioned Private end points in the past, but we never suggested this particular lean module.
Design and implement private access to Azure Services will walk you through designing and implementing private access to Azure Services with Azure Private Link, and virtual network service endpoints.
Thanks for joining us for this week’s AZUpdate episode. Feel free to comment or reach out with any questions in the comments below or join us on our discord server.
Cheers!
Pierre