Microsoft's New Azure Event Grid Service & JIT VM Access and More Go Live!

Azure Event Grid is an innovative offering that makes an event a first-class object in Azure. Just-In-Time VM Access reduces exposure to attacks.


Chart of Azure Event Grid integration

Microsoft kicks off a preview on Wednesday of its new Azure Event Grid, a fully managed event routing service that simplifies event routing and event handling, making event-based and serverless applications even easier to build on Azure.

The new Grid service aims to assist programmers as it greatly simplifies the development of event-based applications and serverless workflows. "Using a single service, Azure Event Grid manages all routing of events from any source, to any destination, for any application," writes Corey Sanders.

With Azure Event Grid, you can subscribe to any event across Azure resources and react using serverless platforms like Functions or Logic Apps. In addition to having built-in publishing support for events with services like Blob Storage and Resource Groups, "Event Grid provides flexibility and allows to create own custom events to publish directly to service," Sanders said.

Here are some details of this new service:

In addition to having a wide range of Azure services with built-in handlers for events, like Functions, Logic Apps, and Azure Automation, Event Grid allows flexibility in handling events, supporting custom web hooks to publish events to any service, even 3rd-party services outside of Azure.

The team says more event sources and destinations, including "Azure Active Directory, API Management, IoT Hub, Service Bus, Azure Data Lake Store, Azure Cosmos DB, Azure Data Factory, and Storage Queues," are coming later this year.

  • Events as first-class objects with intelligent filtering: Azure Event Grid enables direct event filtering using event type, prefix or suffix, so an application only needs to receive the events that match its filter.
  • Designed to be highly available and to handle massive scale dynamically, ensuring consistent performance and reliability for your critical services.
  • Opens possibilities for serverless applications by allowing serverless endpoints to react to new event sources. Both code-focused applications in Functions and visual workflow applications in Logic Apps benefit from Azure Event Grid.
  • Unified event management interface enables simpler operational and security automation, including easier policy enforcement with built-in support for Azure Automation to react to VM creations or infrastructure changes.

See the chart above for examples of Azure Event Grid integration. To learn more, see this quick start, and watch this video about how the service works:

Azure Security Center's team has uncovered a trend of attackers using good applications to carry out malicious attacks on virtual machines in Azure.

"Hackers are using legitimate scanning tools to find and target vulnerable machines and cloud-based messaging services to drop files onto other machines. They are also creating messaging channels to broadcast messages to an unlimited number of subscribers," says Sajva Halverson.

"From the number of incidents investigated, the usage of legitimate tools for malicious purposes appears to be an upward trend," Halverson writes.

Azure Just-In-Time VM Access mechanism

In addition to detecting and alerting on these attacks, Azure Security Center has just released a new "Just-In-Time (JIT) VM Access" mechanism in public preview, which significantly reduces exposure to these attacks by enabling users to deny persistent access while providing controlled, audited access to VMs when needed. See the screenshot above of "Just-In-Time VM Access mechanism."

When JIT VM Access is enabled, Azure Security Center "locks down inbound traffic to defined ports through Network Security Group rule(s)," writes Ben Kliger. "You can request access to VM when needed, which opens needed port for an approved amount of time, from approved IP addresses, and only for users with proper permissions."

All these requests are logged in Azure Activity Log, "so you can easily monitor and audit access," Kliger said. "Additionally, you can also enable JIT VM Access, configure policies and request access through PowerShell cmdlets."
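The flow Kliger describes (a locked-down port, a time-boxed request from an approved address, and an audit trail) looks roughly like this in PowerShell. This is an added example, not code from the article or from Microsoft; it assumes the current Az.Security and Az.Monitor modules, every UPPERCASE value is a placeholder, and the 203.0.113.x addresses are constructed documentation addresses.

```powershell
# Added example: all UPPERCASE values are placeholders to replace.
$vmId = "/subscriptions/SUBSCRIPTIONID/resourceGroups/RESOURCEGROUP/providers/Microsoft.Compute/virtualMachines/VMNAME"

# 1. Policy: SSH and RDP stay closed by default. When opened, only the approved
#    range may connect, and a single request may last at most 3 hours (ISO 8601).
$policyVm = @{
    id    = $vmId
    ports = @(
        @{ number = 22;   protocol = "*"; allowedSourceAddressPrefix = @("203.0.113.0/24"); maxRequestAccessDuration = "PT3H" },
        @{ number = 3389; protocol = "*"; allowedSourceAddressPrefix = @("203.0.113.0/24"); maxRequestAccessDuration = "PT3H" }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location "LOCATION" -Name "default" `
    -ResourceGroupName "RESOURCEGROUP" -VirtualMachine @($policyVm)

# 2. Request: open port 22 for one hour, for a single source address only.
$requestVm = @{
    id    = $vmId
    ports = @(@{
        number                     = 22
        endTimeUtc                 = (Get-Date).ToUniversalTime().AddHours(1).ToString("o")
        allowedSourceAddressPrefix = @("203.0.113.10")
    })
}
$policyId = "/subscriptions/SUBSCRIPTIONID/resourceGroups/RESOURCEGROUP/providers/Microsoft.Security/locations/LOCATION/jitNetworkAccessPolicies/default"
Start-AzJitNetworkAccessPolicy -ResourceId $policyId -VirtualMachine @($requestVm)

# 3. Audit: list who touched JIT policies in the last 7 days. Assumes the
#    operations appear in the Activity Log of the policy's resource group.
Get-AzActivityLog -ResourceGroupName "RESOURCEGROUP" -StartTime (Get-Date).AddDays(-7) |
    Where-Object { $_.Authorization.Action -like "Microsoft.Security/locations/jitNetworkAccessPolicies/*" } |
    Select-Object EventTimestamp, Caller, @{ n = "Action"; e = { $_.Authorization.Action } }
```

Keeping `allowedSourceAddressPrefix` narrow in the policy matters more than the request itself: a policy that allows `*` lets any approved requester open the port to the whole internet for the duration of the window.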

To learn more about JIT VM Access, see this documentation, and the video below:

Reference architectures for a high-availability SharePoint Server 2016 farm and for SAP NetWeaver and SAP HANA on Azure were published on Wednesday.

The reference architectures provide prescriptive guidance on how to run SAP HANA and SharePoint Server 2016 on Azure, including the following topics:

  • Architecture resources necessary for the deployment, including recommendations.
  • Scalability considerations.
  • Availability considerations.
  • Manageability considerations.
  • Security considerations.

Reference Architecture for SharePoint includes prescriptive guidance and a set of PowerShell scripts and Azure Resource Manager templates to deploy a working SharePoint Server 2016 farm with SQL Server Always On and a simulated on-premises network.

The SAP HANA architecture, meanwhile, provides a set of PowerShell scripts and Azure Resource Manager templates to deploy the reference architecture. The deployment time for this one is about 2 hours, simplifying a task that previously would take days.

Like all other reference architectures, the SAP HANA one can be found at the Azure Reference Architectures site, and the SharePoint one over here.

In a new episode of Azure Government, Steve Michelotti with James Walters talks about Azure Government ExpressRoute.

The video starts out by explaining ExpressRoute, and its primary benefits for government customers, as well as the difference between ExpressRoute for commercial versus Government and the DoD.

Later, the video discusses how and where the data is encrypted over the wire and how customers can optionally add additional security if they choose. It concludes by explaining how government agencies can get started with setting up ExpressRoute and the available options.

Azure NC Virtual Machines are now available to customers to run deep learning training jobs, HPC simulations, rendering, real-time data analytics, DNA sequencing, and many more CUDA-accelerated tasks.

Additionally, customers have the option to utilize RDMA (Remote Direct Memory Access) over InfiniBand for scaling jobs across multiple instances.

"Azure NC-based instances are powered by NVIDIA Tesla K80 GPUs and provide compute power required to accelerate the most demanding high-performance computing (HPC) and AI workloads."

"InfiniBand provides close to bare-metal performance even when scaling out to 10s, 100s, or even 1,000s of GPUs across hundreds of machines. This will allow you to submit tightly coupled jobs using frameworks like the Microsoft Cognitive Toolkit (CNTK), Caffe, or TensorFlow, enabling training for natural language processing, image recognition, and object detection," writes the team.