Microsoft Ignite – Day 3 Roundup – Thomas Thornton – Microsoft Azure MVP

Took a different approach today, spent the morning speaking to vendors and some Microsoft staff on various resources within Azure.

This followed by a couple of Microsoft Mechanic sessions, the first focusing on Azure data warehousing and how the newly announced Azure Synapse Analytics service can benefit this even further

Azure Synapse, combining data analytics & big data warehousing even further – taking it to the next level.

” Today, we are announcing Azure Synapse Analytics, a limitless analytics service, that brings together enterprise data warehousing and Big Data analytics. It gives you the freedom to query data on your terms, using either serverless on-demand or provisioned resources, at scale. Azure Synapse brings these two worlds together with a unified experience to ingest, prepare, manage, and serve data for immediate business intelligence and machine learning needs. “

Synapse Analytics consists of:-

Limitless scale
Powerful insights
Unified experience
Unmatched security

Next was an Azure ARC discussion and the main benefits it has with hybrid integration. Further details

Session: Tech for social impact: The road ahead

Speakers: Ryan Eckardt & Trisha McDonald

Microsoft is investing in purpose-built technology in Azure, modern workplace and business applications.

How are Microsoft assist with tech for social impact?

Philanthropic partnerships, commercial, partner and technology resources in a single, dedicated team to support the end-to-end needs of nonprofits
Relevant, affordable and innovative cloud solutions to help nonprofits of all sizes tackle the world’s biggest challenges
Social investment model with incremental revenue going to social good cause like affordable housing, skills and employ-ability programs and technology donations.
Digital capacity building programs to help nonprofits and their employees drive greater impact with the technology they have

Was a pretty cool session and heard real life stories to how Microsoft products are benefiting towards non-profit organisations

Session: Build and Manage distributed micro-perimeters with Azure Firewall

Speakers: Yair Tor

Using a Zero Trust approach is key to architecting security that spans on-premises and cloud. Identity plays a key role while network security remains very important in the way you implement it.

Protection services enabling zero trust

DDoS Protection – tuned to your application traffic patterns

Web Application Firewall – Centralised inbound web application protection from common exploits and vulnerabilities

Azure Firewall – Data ex-filtration protection using centralised outbound and inbound network application (L3-L7) filtering

Network Security Groups – Distributed inbound and outbound network (L3-L4) traffic filtering on VM, container or subnets

VNET Integration – Restrict access to Azure service resources (PaaS) to only your Virtual Network

The session then further focused on Azure Firewall. Not using Azure Firewall? It’s worth having a look, been using it for some time now – it’s great!

Azure Firewall Key Features

Application Rules

FQDN Filtering
FQDN Tags (e.g. Azure Backup)
Default infrastructure rule collection

Fully stateful network rules

Service Tags

NAT Support

Default SNAT
DNAT

Threat Intel (Now GA)

Deny and Alert on known malicious IPs and domain

Monitoring

Azure monitor logging
Azure monitor metrics

Network Watcher Integration

Announcement: Azure Firewall Threat Intelligence

Azure Firewall Updates

Recently released

Multiple public IPs now Generally Available (up to 100)
Availability Zones now Generally Available (99.99% SLA)
Threat Intelligence based filtering now Generally Available
TDS (SQL) FQDN Filtering in Preview

Sovereign Clouds

US Gov
China

Coming Soon (ETA H2 CY2019)

FQDN filtering for all ports and protocols
Native forced tunneling support
IP Groups in Azure Firewall rules

Azure Firewall Manager

Announcement: Azure Firewall Manager

Azure Firewall Manager Preview is a security management service that provides central security policy and route management for cloud-based security perimeters.

Central network security policy and route management for globally distributed, software-defined perimeters

Central deployment and configuration

Deploy and configure multiple Azure Firewall instances
Optimised for DevOps with Hierarchical Policies

Automated routing

Easy attract traffic to your secured hub for filtering and logging using central routing configuration

Advanced security with 3rd party SECaaS

Used best-in-breed third party Security as a Service partners
Combine with Azure Firewall for private traffic

The session finished with a demo on Secured Virtual Hubs.

A virtual hub is a Microsoft-managed virtual network that enables connectivity from other resources. When a virtual hub is created from a Virtual WAN in the Azure portal, a virtual hub VNet and gateways (optional) are created as its components.

A secured virtual hub is an Azure Virtual WAN Hub with associated security and routing policies configured by Azure Firewall Manager. Use secured virtual hubs to easily create hub-and-spoke and transitive architectures with native security services for traffic governance and protection.

Session: Advanced network best practices with Azure Express Route

Speakers: Charley Wen

The last session of the day, the session provided an update on new ExpressRoute capabilities and covers detailed architectural design considerations and best practices.

ExpressRoute features enhancements:-

FastPath for service provider circuits – Improve throughput, packets per second, connections per second , number of connections etc

BFD for Microsoft Peering – Reduce failover time to 2 seconds between primary and secondary connections

Multiple circuits from the same ER site to a single VNET – Main scenarios: redundancy and migrations

Resource Health in Azure Monitor – ARP incomplete, BGP Down

Announcement:- Express Route Local

New circuit SKU – access Azure from nearby ER site