A new set of intelligent security tools and technologies for Internet of Things (IoT) and edge devices, called “Azure Sphere,” was announced in private preview at RSA on Monday, aimed at securing Internet-connected microcontroller (MCU) devices.
Azure Sphere, originally spotted over a year ago as “Project Sopris,” consists of both hardware and software. It includes three components that work together to protect and power devices at the intelligent edge:
Azure Sphere certified microcontrollers (MCUs): an entirely new cross-over class of MCU with a new built-in custom security subsystem called “Pluton.” These real-time and application controllers, powered by a Cortex-A processor with the real-time guarantees of a Cortex-M class processor, are over five times more powerful than older MCUs and are inspired by 15 years of experience from Xbox.
These designs will be licensed to partners without any royalty fees. The first Azure Sphere chip, the “MediaTek MT3620,” will be in market in volume this year.
On top of the MCUs runs “Azure Sphere OS,” a custom Linux-based embedded OS with “multiple layers of security”. The OS is purpose-built and optimized with security innovations pioneered in Windows to offer high security and agility to IoT environments.
The Azure Sphere Security Service, the final part, is a “turnkey cloud service” designed to guard every Azure Sphere device through certificate-based authentication, detect emerging security threats across the entire Azure Sphere ecosystem through online failure reporting, and renew security through software updates.
Microsoft says the first wave of Azure Sphere devices is expected to be on shelves by the end of 2018, from select device manufacturers, while dev kits will be universally available in mid-2018.
In the video below, you can see all these capabilities come together to enable Azure Sphere to meet all 7 properties of a highly secured device – making it a first of its kind solution:
Microsoft also made other Cloud Platform releases, which include:
Business Applications Spring 2018 general availability. This represents an incredible effort to release the next wave of innovation with hundreds of new features and capabilities.
Power BI Report Server March update contains several new features customers have been anxiously waiting for, including bookmarking, syncing slicers, and quick measures. This release is supported for production workloads, so you should feel free to upgrade your production environment to take advantage of all these new capabilities.
Azure Service Bus, which connects existing on-premises systems to cloud solutions, distributes messages to multiple independent back-end systems, and simplifies enterprise integration with reliable cloud messaging as a service (MaaS), will start being billed at an hourly rate instead of the current daily rate on May 1st.
This includes Azure Service Bus Standard Base Unit and Service Bus Premium Messaging Units.
Azure Logic Apps, now generally available in Azure Government, delivers process automation and integrates applications and data across on-premises, public or private cloud environments.
With Logic Apps, government agencies can enhance productivity with business process automation, EAI, B2B/EDI, and services and applications integration, leveraging the most common out-of-the-box connectors for Azure services, Office 365, Dynamics CRM and others while complying with policies and regulations related to public cloud.
Transform workflows into intelligent actions with machine learning and cognitive services and build smart integrations from connecting SaaS applications and hybrid deployments with Logic Apps.
The public preview of “Azure DNS Private Zones,” a key feature addition to Azure DNS, provides a reliable, secure DNS service to manage and resolve names in a VNet, without the need for you to create and manage a custom DNS solution.
This feature allows you to use your company domain rather than the Azure-provided names available today, and provides name resolution for VMs within a VNet and across VNets. Additionally, you can configure zone names with a split-horizon view, allowing a private and a public DNS zone to share the same name.
Zone and record management is done using the Azure REST APIs, SDKs, PowerShell and CLI.
Azure Virtual Machines Serial Console is now in public preview, providing access to a text-based console for Linux and Windows virtual machines on Azure.
This serial connection is to the COM1 serial port of the virtual machine and provides access to the virtual machine regardless of that virtual machine’s network or operating system state. Serial Console access for a virtual machine is available via the Azure Portal to those who have VM Contributor or above access.
“Azure Service Health,” which provides tailored information for your resources, is now generally available. When issues in Azure services affect your resources, this personalized dashboard helps you understand the impact of the issue, and keeps you updated as the issue is resolved. It also helps you prepare for planned maintenance and changes that could affect the availability of your resources. Finally, Azure Service Health allows you to configure alerts to ensure that your relevant teams are notified of any service health events.
Azure Availability Zones, now generally available, is a high availability solution for the most demanding mission-critical workloads.
Availability Zones are physically separated, logically isolated, and feature independent power, cooling, and networking for the one or more datacenters that make up each zone.
Also, a new Virtual Machine SLA of 99.99% uptime when running in two or more zones is introduced, and the zones are live in regions across the US and Europe.
Generally available today, “Azure Security Center’s Web Security Configuration Assessment” helps you detect vulnerabilities in your web server settings and act on them quickly.
Azure Files Share Snapshots are generally available and provide a way to make incremental backups of SMB shares in Azure Files.
File Share Snapshots are:
- Incremental and Fast – Only changes to the base data are stored in the snapshot. If nothing changes after you create the snapshot, the size of the snapshot remains zero.
- Work in a familiar way – Azure is the very first public cloud provider with capabilities such as creating instantaneous file share snapshots, browsing files within snapshots with a native VSS-like experience in Windows Explorer, and restoring from right within the same Windows Explorer.
- Easily integrated with offerings from Backup providers – Backup providers can now leverage the REST API to provide a true native backup story.
Ubuntu Advantage is now available to be deployed to your subscription via Azure Marketplace, and you can even enroll from a running Ubuntu VM on Azure.
Ubuntu Advantage is Canonical’s enterprise-grade commercial support offering for Ubuntu on Azure, trusted by telco, finance, and retail customers running highly available and cost-efficient cloud infrastructures.
Azure Cosmos DB Data Explorer, now generally available, provides a rich and unified developer experience for inserting, querying, and managing Azure Cosmos DB data within the Azure portal and the Emulator.
Data Explorer consolidates the functionality previously available in Document Explorer, Query Explorer, and Script Explorer, so that they can all be done without switching views. With this announcement, Document Explorer, Query Explorer, and Script Explorer will no longer be available in the Azure portal. Learn more in the Azure update.
A preview of a new vCore-based purchasing model for Azure SQL Database elastic pools and single databases, offered in addition to the existing DTU-based model, is designed to give you flexibility, control, transparency and an easier way to compare to on-premises workloads. It allows you to scale your compute and storage independently based upon your workload needs.
Options within the vCore-based model are also eligible for up to 30 percent savings with the Azure Hybrid benefit for SQL Server.
Azure SQL Database announces the public preview of read scale-out support in the Premium service tier. This capability redirects the read-only client connections to one of the automatically provisioned HA replicas and effectively doubles the compute capacity of the database or elastic pool at no additional charge.
Azure SQL Database announces a major update of its long-term backup retention preview that will make the feature available in all Azure regions and provide greater flexibility in setting your retention policies and managing individual backups. Backups will also now use RA-GRS storage, which provides an even higher degree of protection for your data.
Azure DevOps Projects now supports Windows VMs as deployment targets for ASP.NET and ASP.NET Core web applications. This addition is the first of several planned expansions to Azure DevOps Projects scenarios, which allow developers to create full CI/CD pipelines in minutes from the Azure portal, powered by Visual Studio Team Services.
Microsoft also increased native Azure support for customers using “Ansible” with version 2.5, which includes updates to network and virtual machine support as well as 13 new Azure modules, enabling image management, container and database scenarios:
- Image: Create or delete an image from a virtual machine, blob URI, managed disk or snapshot.
- Container Instance: Create, update and delete an Azure Container Instance.
- Container Registry: Create, update and delete an Azure Container Registry.
- SQL server and database: Create, update and delete an instance of SQL Server and database.
- MySQL server and database: Create, update and delete an instance of MySQL Server and database.
- PostgreSQL server and database: Create, update and delete an instance of PostgreSQL Server and database.
- Key Vault: Create, update and delete an instance of Key Vault, and create or delete a key or secret in a given Key Vault. By using Key Vault, you can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords).
Also, Terraform availability in the Azure Marketplace and Azure Terraform Provider v1.3 were announced, with the latest improvements and enhancements, including:
- The Terraform solution in Azure Marketplace enables teams to use shared identity, using Managed Service Identity (MSI), and shared state using Azure Storage. These features will allow you to use a consistent hosted instance of Terraform for DevOps Automation and production scenarios.
- v1.3 of Azure Terraform Provider includes support for additional Azure resources including:
  - Platform Services
    - Azure Functions
    - Deployment Slots for Azure Web Apps
    - AKS Managed Kubernetes Cluster
    - Azure CDN
  - Advanced Networking Services
    - Application Gateway
    - Virtual Network Gateway
    - Application Security Groups
    - Network Watcher
Azure Standard Load Balancer, now generally available in all public regions, enables you to scale your applications and create high availability for deployments ranging from small scale to large and complex multi-zone architectures.
You can create resiliency for all your virtual machine resources inside a virtual network. It supports inbound as well as outbound connections, provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.