#ITPro in a DevOps world, Sr. Site Reliability Eng. @ MSFT. Montanan at ❤️! My tweets are my own & not a reflection of my employer. They are happy about that 👍

Automate Always On availability group deployments with SQL Virtual Machine resource provider


We are excited to share that a new, automated way to configure high availability solutions for SQL Server on Azure Virtual Machines (VMs) is now available using our SQL VM resource provider.

To get started today, follow the instructions in the table below.

High availability architectures are designed to continue to function even when there are database, hardware, or network failures. Azure Virtual Machine instances using Premium Storage for all operating system disks and data disks offer 99.9 percent availability. This SLA is impacted by three scenarios – unplanned hardware maintenance, unexpected downtime, and planned maintenance.

To provide redundancy for your application, we recommend grouping two or more virtual machines in an Availability Set so that during either a planned or unplanned maintenance event, at least one virtual machine is available. Alternatively, to protect from data center failures, two or more VM instances can be deployed across two or more Availability Zones in the same Azure region; this guarantees Virtual Machine connectivity to at least one instance at least 99.99 percent of the time. For more information, see the “SLA for Virtual Machines.”

These mechanisms ensure high availability of the virtual machine instance. To get the same SLA for SQL Server on Azure VM, you need to configure high availability solutions for SQL Server on Azure VM. Today, we are introducing a new, automated method to configure Always On availability groups (AG) for SQL Server on Azure VMs with SQL VM resource provider (RP) as a simple and reliable alternative to manual configuration.

SQL VM resource provider automates Always On AG setup by orchestrating the provisioning of various Azure resources and connecting them to work together. With SQL VM RP, Always On AG can be configured in three steps as described below.

| Steps | SQL VM RP resource type | Method to deploy | Prerequisites |
| Step 1 – Windows Failover Cluster | SqlVirtualMachineGroup | Automated – ARM template | VMs should be created from SQL Server 2016 or 2017 Marketplace images, should be in the same subnet, and should join to an AD domain. |
| Step 2 – Availability group | N/A | Manual | Step 1 |
| Step 3 – Availability group Listener | SqlVirtualMachineGroup/AvailabilityGroupListener | 3.1 Manual – Create Internal Azure Load Balancer resource; 3.2 Automated – ARM Template Create and Configure AG Listener | 3.1 Manual – None; 3.2 Automated – Step 2 |

Prerequisites

You should start with deploying SQL VM instances that will host Always On AG replicas from Azure Marketplace SQL Server VM images. Today, SQL VM resource provider supports automated Always On AG only for SQL Server 2016 and SQL Server 2017 Enterprise edition.

Each SQL VM instance should be joined to an Active Directory domain either hosted on an Azure VM or extended from on-premises to Azure via network pairing. VM instances can be joined to the Active Directory domain manually or by running the Azure quick start domain join template.

All SQL VM instances that will host Always On AG replicas should be in the same VNet and the same subnet.

1. Configure a Windows Failover Cluster

The Microsoft.SqlVirtualMachine/SqlVirtualMachineGroup resource defines the metadata about the Windows Failover Cluster, including the version and edition, fully qualified domain name, AD accounts to manage the cluster, and the storage account as the cloud witness. Joining the first SQL VM to the SqlVirtualMachineGroup will bootstrap the Windows Failover Cluster Service and join the VM to the cluster. This step can be automated with an ARM template available in Azure Quick Starts as 101-sql-vm-ag-setup.

2. Configure an Always On AG

Because the Windows Failover Cluster service is configured in the first step, an Always On AG can simply be created via SSMS on the primary Always On AG replica. This step needs to be performed manually.

3. Create an Always On AG listener

An Always On AG listener requires an Azure Load Balancer (LB). The Load Balancer provides a “floating” IP address for the AG listener that allows quicker failover and reconnection. If the SQL VMs that are part of the availability group are in the same availability set, then you can use a Basic Load Balancer. Otherwise, you need to use a Standard Load Balancer. The Load Balancer should be in the same VNet as the SQL VM instances. SQL VM RP supports Internal Load Balancer for AG Listener. You should manually create the ILB before provisioning the AG Listener.

Provisioning a Microsoft.SqlVirtualMachine/SqlVirtualMachineGroups/AvailabilityGroupListener resource by giving the ILB name, availability group name, cluster name, SQL VM resource ID, and the AG Listener IP address and name creates and configures the AG listener. SQL VM RP handles the network settings, configures the ILB back end pool and health probe, and finally creates the AG Listener with the given IP address and name. As a result of this step, any VM within the same VNet can connect to the Always On AG via the AG Listener name. This step can be automated with an ARM template available on the Azure quick starts as 101-sql-vm-aglistener-setup.

Automated Always On AG with SQL VM RP simplifies configuring Always On availability groups by handling infrastructure and network configuration details. It offers a reliable deployment method with the right resource dependency settings and internal retry policies. Try deploying automated Always On availability groups with SQL VM RP today to improve high availability for SQL Server on Azure Virtual Machines.

Start taking advantage of these expanded SQL Server Azure Virtual Machine capabilities enabled by our resource provider today. If you have a question or would like to make a suggestion, you can contact us through UserVoice. We look forward to hearing from you!

jshoq
19 hours ago
If you absolutely need AG SQL on Azure, this is a good background to configure it. I would look at the SQL PaaS services first before setting up your own VMs.
Seattle, WA

Browser Reboot: Microsoft’s Building a ‘new’ Edge for Windows 7,8,10 and MacOS


The browser, likely the most used app on your computer, is a pivotal part of the desktop experience. With nearly everything now accessible via the web, the future of the browser is only growing in importance and Microsoft is announcing a significant shift in how the company will play in this market.

With the launch of Windows 10, Microsoft tried to build a new browser that was based on their Trident rendering engine that we now know as Edge. But the browser has failed at its objective, to create a Microsoft-built browser that could compete with the likes of Chrome and Firefox.

Because of their lack of momentum since the release of Windows 10, the company is announcing a significant change today: they are building a new browser that is based on Chromium. And the company is bringing the new browser to every platform: Windows 7, 8, 10 and even MacOS.

While the company is not commenting on any timeline for availability aside from a preview build in early 2019, the basics are this: it’s building a new version of Edge, based on Chromium, that will be updated at a cadence that is not tied to Windows updates. Further, this app will not be in the Microsoft Store and will be serviced outside of that platform.

As part of this shift, Microsoft will also become a significant contributor to Chromium to help improve the rendering engine. The company is committed to supporting web standards and will now shift its focus from maintaining EdgeHTML to Chromium.

And a big shift this is but it’s also the right approach. Today, Microsoft has to not only build a rendering engine that only it uses but also has to compete with Google’s browser that is the market leader. What this means is that Microsoft has to invest heavily in upgrading its engine while also dealing with whatever issues Chrome introduces as many devs only build websites that render using that engine and fail to check to see if other browsers render correctly.

By removing the burden of having to chase Google with engine development, the company can focus on making a Chromium-based-Edge version of the browser that has value-add, rather than trying to plug the leaks in its own engine because of incompatibility with Chrome.

The other major shift is servicing: by untangling Edge from Windows releases, the company can push out updates on-demand, rather than twice a year. The company said a few years ago that Edge would eventually be serviced via the Windows store but that never materialized.

In its current iteration, Edge was never going to win against Chrome. The company was trying to constantly update its rendering engine while also trying to add new features to the browser; resources were spread thin. By moving to the open-source engine of Chromium, they can contribute to the platform used by several browsers (and reap the benefits from other contributors) while also having more resources to invest in making its browser have unique differentiators when compared to Chrome.

For those in the IT world that still need Internet Explorer, Microsoft has no plans to stop shipping that browser with Windows 10 for compatibility reasons.

While some may be disappointed as this means that the web has become a monoculture for rendering engines, this is a major net-positive for Microsoft and will actually give them a serious chance to regain market share.

The ‘new’ browser will still be called Edge, and will still use the blue E but that’s about all that’s left from the old Edge. Expect to see the UI updated and other features added during 2019 as the company looks to ramp up development of the new browser.

The post Browser Reboot: Microsoft’s Building a ‘new’ Edge for Windows 7,8,10 and MacOS appeared first on Petri.

jshoq
9 days ago
This is something that I never expected. It is a good move for customers as Chromium-based browsers work very well. I have used Vivaldi as an alternative to Chrome and loved the performance it has along with expansion capabilities thanks to the Chrome Extensions. At the same time, since Vivaldi is not made by Google, I feel better using it for privacy reasons. By moving to this standard, Microsoft can focus on making the experience better and give back to the Chromium project performance, hardware and OS platform supply, and another set of eyes for security.

Announcing Azure Dedicated HSM availability


The Microsoft Azure Dedicated Hardware Security Module (HSM) service provides cryptographic key storage in Azure and meets the most stringent customer security and compliance requirements. This service is the ideal solution for customers requiring FIPS 140-2 Level 3 validated devices with complete and exclusive control of the HSM appliance. The Azure Dedicated HSM service uses SafeNet Luna Network HSM 7 devices from Gemalto. This device offers the highest levels of performance and cryptographic integration options and makes it simple for you to migrate HSM-protected applications to Azure. The Azure Dedicated HSM is leased on a single-tenant basis.

Key benefits

  • Migrate HSM-protected applications: The Gemalto HSM model uses hundreds of applications such as Oracle DB TDE, Active Directory Certificate Services, Apache/NGINX TLS offload, and your own applications that have integrated with SafeNet HSMs over the last 15 years. This makes it easy for you to migrate applications to Azure Virtual Machines or run hybrid topologies spanning across Azure and on-premises. It can also be used to back up keys on-premises. Once your applications have migrated to Azure, you will achieve low latency (single-digit millisecond) and high throughput for cryptographic operations (10,000 RSA-2048 tps). Azure Dedicated HSM supports up to ten partitions per HSM for flexibility of application usage and increased capacity per device.
  • Maintain security and compliance: The HSM devices are certified for FIPS 140-2 Level 3 and eIDAS Common Criteria EAL4+, helping you meet the most stringent security and compliance requirements.
  • Manage HSMs in the cloud: You have full administrative and cryptographic control over the Azure Dedicated HSMs in Azure. Microsoft does not have visibility into your cryptographic keys.

Azure Dedicated HSM is provisioned directly on your virtual network in Azure. This service can also connect to your on-premises infrastructure via a virtual private network. 

When to use Azure Dedicated HSM 

Azure Dedicated HSM addresses a unique set of customer needs for secure key storage scenarios in Azure. The following criteria will help determine best fit for your requirements:

Best fit 

The Azure Dedicated HSM is most suitable for migration of HSM applications to Azure or HSM applications from other clouds. It is also suited for applications which need FIPS 140-2 Level 3, Common Criteria EAL 4+, NITES, or Brazil ITE and need crypto other than RSA and ECC. Some examples are included below:

  • Migrating applications from on-premises to Azure Virtual Machines.
  • Running shrink-wrapped software in Azure Virtual Machines.

Not a fit

The Microsoft Azure cloud services that support encryption with customer managed keys such as Azure Information Protection, Azure Disk Encryption, Azure Data Lake Store, Azure Storage, Azure SQL, and Office 365 Customer Key are not integrated with Azure Dedicated HSM. Customers who use such PaaS/SaaS services rely on Microsoft to ensure availability and disaster recovery and to protect against users accidentally deleting their keys. To meet these promises, such services offer customer managed keys via the Azure Key Vault service.

Get started 

The Dedicated HSM service is available in eight Azure regions, namely East US, West US, South Central US, East US 2, Southeast Asia, East Asia, West Europe, and North Europe. We plan to continue expanding this service to other Azure regions.

To learn more about the Azure Dedicated HSM service, please refer to the service documentation.

To learn about pricing and suitability of this service for your applications, please contact your Microsoft account representative or leave a comment below.

jshoq
10 days ago
Securing secrets is a key to securing your infrastructure. Having Azure Dedicated HSM (Hardware Security Modules) is a great step for many businesses in areas like finance or healthcare. Do note the limitations for cloud services offered by Azure and HSM usage.

Microsoft Reportedly Killing Edge in Favour of a New Chromium-Based Browser

Living on the (Microsoft) Edge in 2018?

Microsoft is reportedly getting rid of Edge in favour of a new Chromium-based browser in Windows 10.

The post Microsoft Reportedly Killing Edge in Favour of a New Chromium-Based Browser appeared first on Thurrott.com.

jshoq
10 days ago
This is actually a major story for people in the Windows ecosystem. Changing out the underlying rendering engine could make Edge something that the digerati would use.

Enterprise IT Storage for Beginners: Terms Every Admin Should Know

Gaining insight into the most pervasive industry vocabulary will help ease enterprise IT storage for beginners.

jshoq
19 days ago
This is the basics of storage. I think it is something that every IT Pro should understand even if they are 100% in the cloud. Storage is the key to performance and its bottlenecks. Having a solid understanding of storage helps you when working with Cloud or hardware vendors. Take the time to learn the basics.

Why Your Data Backup Strategy Should Include ... Paper?

Yes, we said it: Paper can be considered part of your data backup strategy for small files or data sets.

jshoq
27 days ago
This is fascinating to me. The whole point of Digital Transformation is to get away from paper. Yet, paper is one of the best ways to back up data and this is possibly taking a step further. My only question is where to store this amount of paper.