Windows Server Fall Release (1709) Technical Foundation

Speaker: Jeff Woolsey, Principal Program Manager

WS2016 Recap

Design points

  • Layered security for emerging threats:  Jeff has been affected by 4 of the big, well publicised hacks. CEOs are being fired because of this stuff now.
  • Build the software-defined data centre
  • Create a cloud-optimized application platform

Security in WS2016

  • Long laundry list of features: Defender, Control Flow Guard, Devices Guard, Credential Guard, Remote Credential Guard.
  • Shielded VMs – you don’t trust the operators
  • vTPM – encrypt the disks
  • JIT Administration

Software-Defined

  • Compute: rolling upgrades with no downtime, hot/add remove, more resilient to transient storage, compute, network issues.
  • Network: Azure code brought to Windows Server 2016: SDN scale and simplicity. L4 load balancer, distributed data centre firewall.

He tells a very funny story on RAM support: 24 TB physical, and 12 TB RAM in Hyper-V VMs.

  • Storage: Hyper-Converged, Storage Replica, cluster wide QoS
  • RDS: Lots there too.

Hyper-Converged Infrastructure

Built into WS2016 Datacenter edition: Storage Spaces Direct (S2D). Uses SATA, SAS, SSD, and NVME, Working with storage industry to add new flash types.

  • Cloud design points: used in Azure Stack
  • RDMA at the core for performance and latency benefits.
  • Simplifying the datacenter: Add servers to add compute and storage capacity. No more SAN network. Storage controller is s/w.

Working on adding NVDIMMS: Intel Persistent Memory. Not as fast as real memory, but you can add lots of it in, e.g. 100 TB of “RAM”. Supported in WS2016 and SQL Server 2017 and later.

SATADOM is supported in WS2016 and later. It’s flash but its attached to a SATA connector (see image below). The idea is to do the “boot from USB” to free up a drive bay. This tiny drive plugs directly onto the SATA controller on the motherboard. Faster than USB/SD boot and more reliable.

Cloud Ready Application Platform

  • Windows Server Containers: The next generation of compute, following virtualization. Both are different techs, and going forward, both will probably exist. But containers will be the tech of choice for deploying applications: speed, ease of deployment, better densities, and more performance.
  • Nano Server: Ideal for the microkernal in Hyper-V Containers
  • Automation: PowerShell 5.0 and DSC

Now on to the new stuff

Azure File Sync

Klaas Langhout comes on stage.

I’ve covered this in depth already.

Back to Jeff. He asks Klaas if customers access the shares any differently on prem. Nope – it’s the same old file share and any Azure connectivity/tiering/sync is hidden.

Windows Defender Advanced Threat Protection (WDATP)

Using cloud intelligence to protect Windows.

  • Built into Windows Server
  • Behaviour-based, cloud-powered breach detection
  • Best of breed investigation experience
  • And more

You can sign into the Windows Defender Security Center to analyse activity to do forensics on an attack or suspicious activity, and learn how to remediate the attack.

Modern, Remote Management for Windows Server

I covered Project Honolulu earlier today.

Honolulu will remain a free download outside of Windows Server – expect updates every month.

FAQ on Honolulu

  • Price: Free
  • Edge, Chrome, Safari on Mac and more to be tested.
  • Installs on WS2012 R2 and later, Windows 10.
  • Manages Hyper-V Server 2012 and later and WS2012 and later.
  • Azure is not required.
  • AD is not required either.
  • Security: HTTS LAPS, Delegation
  • Configuration: No IIS, Agents not required. SQL not required. If you are pre-2016. you have to install WMF 5.1.
  • Positioning: Evolution of “in-box” tools. Does not replace System Center. Complementary to SycCtr, OMS, RSAT. Hopefully will eventually replace MMC-based RSAT.
  • Feedback: Via Windows Server UserVoice.
  • Extensions: It’s plugable, with alpha SDK today.

1709

On to the next release of Windows Server, coming in October.

Application Innovation

  • Container-optimized Nano Server image increase container density and performance.
  • .NET Core 2.0
  • SMB Support for containers
  • Linux Containers with hyper-V isolation
  • Windows Subsystem for Linux – to manage the above primarily

Where to Start With Containers

  • Containerize suitable existing applications. GUI-based apps aren’t suitable.
  • Transform monoliths into microservices, with new code and transforming existing code.
  • Accelerate new applications with cloud-app development.

What’s Next

Windows Server Insiders is a program to beta test and learn the new stuff in the semi-annual channel.

Post 1709 Improvements

Compute:

  • Honolulu integration
  • Shielded Linux VMs
  • Guest RDMA

Network:

  • Honolulu integration
  • Encrypted virtual networks
  • NTLM no longer required
  • SMB1 Disabled by default
  • and more

Software-Defined:

  • S2D Support for NVMe
  • S2D support for NV-DIMMs
  • Dedupe for ReFS
  • Cluster Sets to enable large scale HVI
  • Storage Replica test failover
  • Scoped volumes
  • Something on multi-resilient volumes

Windows Server – What’s New & What’s Next

Speakers:

  • Erin Chapple, General Manger Windows Server
  • Chris Van Wesep, Director Product Marketing

Erin Chapple starts things. Today they’ll talk about what’s new in Windows Server, what’s the future, and the hybrid/migration opportunities.

WS2016 Looking Back

Most cloud-ready OS:

  • Built-in security: Protection of identity (Credential Guard), secure the virtualization platform (shielded VMs, vTPM), and built-in layers of security (VSM, etc)
  • Azure-inspired infrastructure: Storage Spaces Direct, Network Controller, learnings from hyper-scale, affordable.
  • Hybrid application platform: Support for containers, built-for-purpose OS, Azure Hybrid Benefit for SA/Azure transition

Some customer case studies come up. Rackspace used Shielded VMs, Nano Server for applications (woops!) for hosting. A “large investigative government agency” needed to preserve lots of seized data (PB + per case). They used Storage Spaces Direct (S2D) on 8-node clusters, with data in VMs to isolate one investigation from another. biBERK used containers to deploy 22 apps on WS2016 Containers with Docker in less than 1 week.

The key for software-defined is the hardware. They leverage offloads so much that hardware must be more reliable. There is a Windows Server Software Defined Program (WSSD) and the site with all the info is http://docs.microsoft.com/en-us/windows-server/sddc.

Supporting You Wherever You Are

WS2016 is the basis of on-premises, Azure, and Azure Stack (hybrid). 80% of enterprises see themselves operating in a hybrid mode for the foreseeable future. 55% have a hybrid strategy in place as of a year ago. 87% are planning to integrate on-premises datacentres with public cloud.

Hybrid is not about a network connection. It’s about consistency right down to the API level: unified development, VMs, storage, data, identity, and much more.

Will Gries – Azure File Sync

This is a new hybrid service that is a part of Azure Files. Centralize storage in Azure Files, but without giving up the file server. You effectively cache data locally on file servers for fast local performance. The cloud enables sync between site, centralized backup, and easy DR.

He starts a demo. The file sync agent is installed on a WS2016 file server. It is syncing to Azure. He proves this by changing & deleting things on Azure and it syncs to the cloud. It’s all near realtime, using change notifications on file server to ensure that sync happens very quickly. Cloud Tiering enables the “cache” feature. The greyed files with an O attribute have a disk size of 0 bytes because they are stored in Azure. If he opens the file, it’s recalled from Azure Files seamlessly. Files that are able to do partial reads/writes can stream from Azure – he opens a video and we can see in the UI that it is streaming from Azure. In file properties, we can see it has downloaded the blocks via the stream, optimizing the download to only required blocks, thanks to streaming.

Back to Erin.

Windows Server Cadence

Industry is moving incredibly fast. Industries in that fast lane need server improvements faster. There will be two channels of Windows Server:

  • Semi-annual channel. An opt-in for SA or Azure customers, releasing every spring/autumn. Each release is supported for 18 months, so you can choose to skip every second release. Build = approx year/month, e.g. 1709 will be released in month 10 of 2017.
  • Long-term Servicing Channel: For everyone outside of SA/Azure or not wanting to upgrade every 6-12 months. Typical 5+5 years support program and in all channels. Name = Windows Server + Year.

Many companies will use a mix of both channels, selecting the channel based on demands of an application/service.

Windows Server Insiders will give you a sneak peek of semi-annual channel releases.

The date of the next LTSC release is not announced, but it’s going to be after 2018.

Introducing Server Core to Semi-Annual Channel

Server Core is replacing Nano Server for infrastructure and VM roles. Nano Server adoption was very low in these areas. In 1709, Nano Server is completely focused on containers. It is much smaller for containers by stripping out the infrastructure pieces. Server Core should be a “soft landing” for moving applications from Nano Server. Server Core is the MS recommended choice for infrastructure roles.

Note by me: I will continue to recommend full installations for infrastructure roles. The full GUI is not in the semi-annual channel. So if you want rapid upgrades, you better learn some PowerShell to troubleshoot your networking and drivers/firmware.

What’s New in 1709

Hybrid Application platform and Modern Management

Jeff Woolsey

Jeff tells us that containers are the same journey that we went through with virtualization. Containers will happen, but they won’t kill virtualization – they work together. We’re at the beginning of the next 10 year journey with containers. Jeff says that cloud admins, hybrid admins, IT pros, must learn containerization.

Hybrid Application Platform

  • Nano Server just wasn’t right for virtualization: drivers, installation, patching, etc. So they switched the focus entirely to containers to make it faster to deploy/update, and to get higher levels of density & performance.
  • .NET Core 2.0 and SMB support was added for containers … allows containers to store data on SMB 3.0 storage.
  • Linux containers with Hyper-V Isolation enables a cross-platform to run all kinds of containers but in a secure way (each container running real Linux kernels n a Hyper-V child partition), and Windows Subsystem for Linux. When Win10 added WSL, Microsoft wasn’t planning to do it for Windows Server. With Linux Containers, the case for Bash management on the host made this a viable option.

Telemetry shows that most people using Windows Server containers are choosing the Hyper-V model for security.

All of this is wrapped up in Modern Management.

Demo: Enabling Cloud Apps with Nano Server & Containers

This is the next generation P2V … moving applications (Docker Convert) from VMs to containers. In the demo, Jeff uses Docker to deploy a Hyper-V container in a container. It runs SQL Server & IIS. The Docker tools on GitHub converted the app to an image in less than 1 hour. Now the image is a container image which is easy to deploy. When running in a container, it uses a fraction of the resources that were used by VMs.

Next he deploys a Linux container image with Tomcat Server, on the same Windows Server host as the Windows container.

Nano Server

The base image for WS2016 Nano Server was 383 MB. In 1709 is 78 MB. With .Net it went from 413 MB to 107 MB. Those are the compressed numbers.

Uncompressed: the base image wen from 1.05 GB to 195 MB, and with .NET it went from 1.15 GB to 262 MB.

Management Re-Imagined

  • This is next-generation of “in-box” tooling.
  • Simplified, integrated and secure.
  • Extensible

Required for Server Core in the real world. The UI is HTML5 and touch friendly. It has to manage the h/w, the local VMs, and VMs in Azure.

Today we use Task Manager, MMC based tools like Hyper-V Manager, Perfmon, Device Manager, etc, CMD.EXE, PowerShell, Serer Manager, etc. Jeff mentions lots more tools Smile

Project Honolulu

A HTML5-based touch-friendly UI. It’s running on Jeff’s laptop against 4 servers under his desk back in the office. He opens the Overview (Task Manager info). Computer name and domain join are there. Environment variables, RDP are here. Restart/shutdown are here.

Roles and Features is next. No more need for Server Manager (yay!). Roles & features easily installed remotely. Events shows all the event viewer info. Note that filtering UI is much better here than in the MMC. Files allows you to browse and edit the file system on a managed server. Virtual machines allows Hyper-V VM management.

The system is agentless. Honolulu is a 30 MB MSI download to a management node which you browse to. It even works on Safari on Mac.

Honolulu will be a free download when it goes GA.

Back to Erin

What’s Next For Project Honolulu

A peek into the pipeline … things they are exploring and experimenting with.

Azure Backup in Honolulu – a wizard to set up the Azure bits and start backing up items/system state. They show some mockups of it all being driven from Honolulu instead of the Azure Portal.

The Azure Connection

Chris comes on stage to talk about Hybrid scenarios.

He starts off by talking about Software Assurance. Highlighted features:

  • Required for Semi-Annual releases
  • Hybrid Use Benefit to move to Azure  – up to 40% savings on the cost of Windows Server Azure VMs

Premium Assurance add-on adds 6 years of support to the normal 5+5 model (16 years total) for applications that cannot stay up to date, but can continue to get security updates.

If you watch this session, please note that Chris over-simplifies (a lot) the Hybrid Use benefit. It’s actually quite complex, regarding moving & co-using licenses and core counts.

End of Support

W2008/R2 end of support is Jan 2020 – 1/3 of servers fall into this space. SQL 2008/R2 end of support is July 2019.  For larger companies, they should look at cloud and/or containerization, or even re-development in serverless cloud.

Questions

  • Honolulu can manage all the way back to Ws2012
  • Not every app can/should be containerized – key thing is that you need remote management because containers don’t have a GUI.
  • Where is Honolulu installed. Can be on a PC, on the managed server, or on a centrally dedicated management server. Honolulu uses WMI and PowerShell to talk to the managed servers.

Overview of the Microsoft Azure Serverless Platform

Speakers:

  • Chris Anderson, Senior Program Manager
  • Raman Sharma, Senior Product Marketing Manager

Evolution of Application Platforms

We used to build applications on-premises. Find h/w, find someone to set it up, and then the bits, networking, etc. Counter to productivity.

IaaS meant that a VM could be provisioned faster, but still left with some delays, and still required on-going management. The current wave of SaaS is probably mostly built on IaaS.

Along came PaaS. VMs were abstracted, hiding the on-going management of the VM and guest OS. But we still have the same per-VM paradigm.

Serverless ideally reduces infrastructure to zero. There is really a server, but it’s not yours and there’s no hint of it. The app still has to run on something, but you never acknowledge its existence.

Traits of Serverless

  • Abstraction of servers
  • Event-driven start-up triggers/instant scale out or in.
  • Micro-billing instead of per-hour/month billing.

Benefits

  • Manage apps, not servers. Look after the thing you care about: the app and the code.
  • Reduced DevOps: there are no servers to fix/patch. You don’t have to scale out traditional PaaS.
  • Faster time to market

Your business can sell a service, consume data, seize an opportunity quicker than ever with serverless.

Serverless Application Platform Components

  • Functions: Execute your code based on events you specify.
  • Logic Apps: Design workflows and orchestrate processes. It’s the original serverless feature in Azure. Logic Apps tie together different things inside and outside of Azure in workflows made up of different steps.
  • Event Grid: A relatively new service in Public Preview. Manages all events that can trigger code or logic. A single interface for all such events. Manage where those events come from, and decide what you will do with those events (start Functions, Logic Apps, etc)

26-09-2017 16-18 Office Lens

  • Database: store the data
  • Storage: store data in blob/queue/NoSQL
  • Security services
  • IoT for massive numbers of devices inputing data
  • Analytics to process data realtime
  • Intelligence to use AI models to understand/action on data

Demo: Event Grid & Logic Apps (Chris)

In the Logic Apps Designer. Looks like Flow. When an event occurs to a storage account and is sent in from Event Grid, a post is sent to Teams. The body of the message is dumped into Teams, which is ugly JSON. They want to parse the JSON before posting it. A function is written in JavaScript. The function will do the required parsing of the JSON and create human-friendly output.

He adds an action between the two existing actions in the logic app designer. This will trigger the Function. The Function is passed the body of the JSON. The Function will return a response, and that is used as an input to the Teams action. That input is given a condition. If verbosity = ignore then the Teams action can be bypassed.

Now he deletes a storage account and Event Grid starts the logic app. He traces the logic app in the Portal job history – the trace shows that Team received the message from Logic Apps. After some debugging, the formatted event appeared in Teams. Quite a bit was accomplished in that process without a VM and with very little JavaScript.

Scenarios for Serverless

Short: Anything that is based on events.

  • Real-time stream processing, e.g. IoT. You have no idea when data is coming in, and how much will come in.
  • Time-based processing. E.g. collect logs and process them once per week. Why dedicate VMs/PaaS for that? Pay for the few seconds of compute that is required for the task.
  • Back-ends for mobile/IoT/web. E.g. someone uploads an image to a site, a function stores the image in a storage account, and another function processes the image (thumbnails, metadata, etc) and stores that data somewhere.
  • Real-time bot messaging. Use Logic Apps to workflow the processing of a question from a bot in Cortana Analytics and then send the result back to the bot.

Event Grid

26-09-2017 16-36 Office Lens

The list of services will grow – it’s only been in preview for a month and a half at this point.

It delivers at massive scale:

  • Sub-second end-to-end latency in 99th percentile
  • 10,000,000 events per second per region.
  • 24-hour retry with exponential back off for events not delivered

Logic Apps

  • A visual design experience without writing any code, no matter how complex it is.
  • Multiple connectors to Azure, third-party, or your own services/functions.
  • Uses a declarative definition format to work with CI/CD.

There are over 170 (and growing) connectors to orchestrate, e.g. Slack, SalesForce, Twitter, Box, Facebook, GitHub, DropBox, Pintrest, WordPress, etc.

Functions

An evolution of WebJobs from PaaS.

  • Develop locally using best of class developer tools
  • Boost productivity through triggers and bindings.
  • Choose from a variety of programming languages
  • Integrate with existing DevOps processes.

Lots of triggers: schedule, HTTP (REST or webhook), Blob storage, events, queues, queues and topics, storage tables, SQL tables, NoSQL DB, Push Notifications, Wwilio SMS Text … and one I missed.

What’s New in Functions

  • You can develop locally on Linux, MacOS, and Linux
  • Monitor serverless applications using Application Insights (now GA)
  • Trigger a function on changes in Cosmos DB
  • Securely provide access to information in Microsoft Graph through a function.
  • Trigger a function from a real-time analytics pipeline in Stream Analytics

Demo

Four volunteers go on stage. There are two IoT buttons. When they are pressed, they’ll send a message to Azure IoT, and will trigger Functions. Fastest to answer questions get most points, last gets least points. And then questions on Serverless tech come up. The scores are processed by Serverless compute using Functions. In this case, the functions were actually running on a local host (WS2016).

Customer Stories

  • Fujifilm: Online service handling 1 TB data per day. Monolithic design where code change was hard. Cosmos DB and Functions reduced latency by 95%. Development time reduced by 75%. Higher reliability. Ability to add new features and release faster and more frequently.
  • Quest: Uses serverless for a SaaS application. Able to manage millions of objects. Cut time-to-market by 2/3. No costly on-premises h/w.
  • Plexure: Service to help retailers understand “signals” from their stores to optimize sales. Built serverless with functions, even hubs, IoT, machine learning and Cosmos DB. Reduced efforts and scales on demand. Used to build infrastructure for each retailer. Now they just publish APIs.

Azure Files With Sync

Speakers:

  • Klaas Langhout, Principal Program Manager, Azure Storage
  • Mine Tanrinian Demir, Principal Program Manager, Azure Storage

This is the one feature that is announced this week that I know for certain will turn into business for my customers so I’ve been looking forward to it finally going public.

Today

  • Simplify share management using the cloud.
  • Leverage snapshots to backup your data
  • Use files to sync between offices
  • Tier cold storage to the cloud.

Azure is a bunch of lego blogs that can be assembled to produce services. A keystone is Azure Storage. Hyperscale at >30 trillion transactions per second at the moment across trillions of objects. It’s durable, secure, highly available, and OpenSource friendly.

One distributed storage system system offers, blob, files, disks, tables and queues, across more regions than any other cloud.

Azure Files (Preview)

Originally launched for lift-and-shift. If you had a legacy LOB app that needed a file share, you deployed Files instead of a VM file server. It was not intended for end user access. Offers SMB 2.1 and SMB 3.0. And if offers encryption at rest.

Why File Servers?

People still do not store things in the cloud. OneDrive and SharePoint online aren’t for everyone. Reasons:

  • App compat: file path lengths, etc.
  • Performance: latency to the cloud is an issue for things like AutoCAD.

Customer Pain

They still want to use file servers, but they’re struggling:

  • Cold data that must be kept
  • Capacity management
  • DR
  • Backup/restore

Companies with branch offices have a multiplier effect of the above.

Value Prop

  • Centralize file services in a managed cloud service
  • Reduce complexity associated with server sprawl
  • Preserve the end user experience – keep the file servers and performance

What it Does

A customer with a file server and the disk storage is a problem. Join the file server to a sync group in Azure Files. Older (actually all) files are moved to the cloud (transparent tiering with “stubs” on prem). If you lose the file server, you build a new one, add it into the existing Files namespace, and the meta data is downloaded. That means users see the shares/data very quickly. Over time, hot data is downloaded as files are used.

You can add another file server and join it to the same sync group, or create more. This synchronizes the files between the file servers via Azure Files (the master now).

Coming soon, not in the current preview), you can synchronize Azure Files from one Azure region to another for DR/performance reasons. You can than hang servers close to that region off of that copy, with inter-region sync if you need it. If one region dies, the file servers associate with it fail over to the other region.

Existing file server access doesn’t change.

If you are using Work Folders (HTTPS access to file shares from Windows, iOS or Android) then this continues to work with the file server.

Users can access file shares ove3r SMB/REST directly via Azure Files.

There is Azure Backup integration so you can backup your file shares in Azure without doing any backup at all on-prem. Killer!

Demo – Setup

He’s in the Azure Portal and searches for Azure File Sync. He clicks Create. Simple creation of entering name and resource group. Supports West US, Souteast Asia, East Australia, and West Europe today, but more will be added.

He’s already downloaded the MSI for the agent. Installs this on a file server. Today, you must installed Azure RM PowerShell but this will be folded into the agent install later. The file server is registered via an Azure sign-in. Then picks a subscription, picks a resource group, selects the Storage Sync Service. This requires another sign-in and a trust is created between the file server and Azure Files.

Back in the portal, he opens the sync service resource, and the file server is shown as Online, with OS version and agent version info.

He creates a sync group and associates it with a pre-created Azure File Share. There are no server endpoints – things we sync to the cloud from a file server, e.g. a path. You can synchronize multiples sets of folders, using sync endpoints as policy objects. You cannot sync the system root.

In the Azure File Share – Storage Account > Files – we can see the contents of the file share are now in Azure. He renames a file on the file server, and 2 seconds later it’s renamed in Azure.

Scenarios

  • Multi-site sync
  • Cloud tiering
  • Direct cloud access
  • Integrated cloud backup
  • Rapid file server DR

Demo – Tiering & Rapid Restore

There are 2 sync groups. One of them has two file servers sycnrhonizing to it. One of them has a policy to keep 95% free space (not realistic but engineered for demo reasons). This means that you can control tiering, to ensure that there’s always at least a certain amount of free space on a file server. Server 2 has a policy to keep 10% free space.

Tiering takes time to quiesce. Attributes show if a file is offline (O) or in Azure. The icon also shows the file as being offline by being transparent.

Questions from the audience:

  • About synchronized locking. Today, there is no lock sync. It operates like OneDrive. If there are two clashing writes, both will succeed. But, one will be written as a copy. MS knows that lock sync is a hot request.
  • This has nothing to do with DFS-R. It uses something called the Microsoft Sync Framework that is around for over 5 years and is used by SQL Server.
  • How is StorSimple affected? StorSimple is intended as on-prem storage in a single site. It uses blob storage which isn’t user accessible. Azure File Sync
  • Is this in CSP? He’s not sure, but if it’s not, it will be soon.
  • Are there file size limits, etc? There are file size limits but there are things being done. They’re published in the release notes. 5 file servers per sync group in the preview. 1 TB per file. They’ve tested up to approx 30 million files. The maximums will grow as they test during the preview.

Back to demo. He added a blank server to the sync group with contents. Meta data of the share/files appears almost instantly. That’s “rapid restore” in action:

  • Add file share to a new file server
  • DR scenario.

Talon Storage – Charles Foley

Customer: TSK that designs & fits out workplaces. They want as little on-prem IT as possible. Not a huge company. They had people in multiple locations with file servers, collaborating. They used Talon FAST in front of Azure Files, enabling sites to see a single share across sites. And this supports file locks in Azure Files, preventing the overwrite scenario.

Azure Files Use Cases – What’s New

Mine from Microsoft takes over.

Top Use Cases:

  • Highly available FTP Server. Creating load balanced stateless FTP servers that use Azure Files to store shared content. Results in scalable and highly available FTP server.
  • Store scripts in Azure Files instead of on a file server VM. SMB 3.0 encryption should be used in hybrid scenarios. Output sent to Azure Files and can be processed later on-prem.

New in 2017

  • Security: Encryption At Rest using your own key (Key Vault), SMB encryption for Linux.
  • End-to-end integration: Data import, a new tamper proof 100 TB disk device announced yesterday. Getting start tools for Windows and Linux. Export is coming.

Announcing Today

  • Azure File Sync Preview
  • Network ACLs Preview – secure your storage account with layer 4 firewall rules.
  • Azure Monitor Preview to troubleshoot or manage performance

Coming soon:

  • Share Snapshots Preview – a data consistent share snapshot
  • Azure Backup Integration Preview – create policies to backup a storage account.
  • LRS price reduction of 25%

Demo – Storage Accounts

She opens Files in a storage account. There are some shares. She shows that you can use Net Use or Sudo to connect to a file share over the network. She creates a snapshot. Then she views snapshots. Loads of them there already because Azure Backup is enabled. In the recovery services vault, she opens Backup Items. We can see shares in there. She adds another in the same Backup wizard as usual. A backup policy is selected.  We see that we can manually restore a share or a file. On a VM file server, she shows a mounted file share with files in it. She has also mounted a snapshot. Because of this method, Previous Versions in the file share can be used to view/mount snapshots.

Azure Backup is Azure Files Sync aware.

Retention up to 120 days. Storage costs are incremental. You pay per storage account being backed up.

EDIT:

I met with some of the Azure Backup team later in the week to discuss backup of Azure File Sync because the above system worried me. Here’s what I learned. The above system is just for the preview. The system will change when Azure File Sync goes GA:

  • Backups will be to the recovery services vault
  • Longer retention will be possible

Roadmap

  • AD integration and ACLs
  • Larger shares (~100 TB instead of 5 TB)
  • Azure file sync GA
  • Cross region sync of storage
  • ZRS – sync writes across three availability zones

Questions

  • Supported OS for File Sync: WS2012 R2 and WS2016. PCs are not affected because they connect to file servers.
  • Expansion of file share max capacity will roll out to all existing shares.
  • Any road map on compliance and legal hold? Bit of a woolly answer.
  • Any character file path limits? Published publicly. Some characters are not supported, but they’re using telemetry to monitor that for future support. Non-compliant files are skipped, and an error is created on the server. Same happens with files that are too large.
  • You can do around 10-20 sync groups per file server … that can be lots of shares.
  • Deduplicated volumes are not support at this time, but they plan on adding support. They are investigating using dedupe to reduce transmission and storage costs.
  • Egress charges: The Talon guy talks up. Their customer’s egress charges are under 1% of their total bill, in the 10s or 100s of dollars range.
  • The file sync protocol is REST-based.

AzureStorageFeedback@microsoft.com for any feedback/questions.

Vison And Upcoming Innovations for Microsoft Remote Desktop Services

Speakers:

  • Scott Manchester, Principal Group Program Manager
  • Joydeep Mukherjee, Senior Product Marketing Manager
  • David Belanger, Senior Program Manager
  • Guest speaker: Sridhar Mullapudi, VP of Product Management, Citrix

Joydeep starts off.

At the last Ignite, Microsoft committed to making RDS the virtual workspace platform of choice. In WS2016, they added performance, scale, and optimization for the cloud. They considered all of this to be “platform capabilities”.

Future Innovations Overview

  • Increasing security, by leveraging things like signals from the security graph, MFA.
  • More cloud ready, a second level of cloud enablement on Azure.
  • Windows Apps everywhere

Scott takes over.

More Secure

Secure authentication powered by Intelligent Security Graph:

  • Azure AD integration
  • Single sign on, MFA
  • Conditional access

Secure environment powered by modern infrastructure:

  • Each tenant in its own sandboxed environment
  • Isolation of infra roles from desktop and app hosts
  • No inbound IP ports – more on this later in the session.

Demo

They’ve been adding AAD integration into the RDS clients. An “enlightened app” is shown, and he’s subscribes to a feed. He signs in, and the normal AAD MFA process kicks in. The RemoteApp client loads and shows the published apps (and published desktop) from the feed.

This will go live next year, and maybe this AAD functionality will be in all clients by then.

Environment

Normally, gateway, web access are domain joined and public facing. In the same network as connection broker, license server, RDVH and session hosts.

Going forward with Modern Infrastructure, the RDVH goes away, merged into the broker. A new diagnostics role is added. So, gateway, web access, diagnostics, connection broker and license server are non-domain machines. In an isolated VNet, the domain joined appllication and desktop hosts are joined to Azure AD.

Multi-tenancy is native to this design. The non-domain stuff has no domain join so it’s multi-tenant. The session/app hosts are domain joined so they are per-tenant.

IP-wise, 443 is required to the gateway, but the hosts are not public facing.

More Cloud Ready

Deploy gateway, connection broker, web server, licensing server as Azure App Services roles – PaaS reduces costs and maintenance. The legacy method will still be supported for on-prem deployments. App and desktop hosts are VMs which integrate with this PaaS deployment via a package. FYI, you can deploy the PaaS stuff in Azure, and do your VM hosts in Azure or on-prem (hybrid RDS deployment).

WIN_20170926_09_18_07_Pro

Demo

He opens the Azure Portal. There are no VMs in the Azure deployment. The infrastructure roles run in App Services. Key Vault is being used to store certificates. The broker DB is using Azure SQL. PaaS is possible because every role is stateless, other than the DB. Scaling out is easy: it’s web apps! You just use the scale out feature of web apps to add instances to the app service plan. You can also using auto-scaling to do it based on demand (rules monitoring CPU usage for scale out and scale in). If you don’t know this stuff, it’s very easy to set up scaling.

A company called PeopleTech (sounded like that) has built a UI for managing RDS Modern Infrastructure (RDMI). Apparently it’s similar to what RDS in Project Honolulu will look like.

Sridhar from Citrix

Honestly, this isn’t a big deal for me because none of my customers use Citrix, and Citrix’s “Azure” products only work in Enterprise Agreements. This is a marketing pitch so there’s no notes here other than support for Windows 10 S.

Back to MS with David.

Demo

An MS-owned RDS client for Mac is in public preview. It looks nice. Admins can group desktops logically for easy click-and-login. There’s thumbnails for identifying the desktops. There are options to disable thumbnails (privacy) and for list view (scale). It will support AAD with RDMI. Applications can be in folders. The Mac OS has some limitations – running published apps don’t get their own native icons in the task bar like they do on Windows, but MS will work around that, including app switching.

Next up is the Windows App for the RDP client. A lot of future improvement here are focused on admin usage (needed if it’s ever going to replace MSTSC.EXE). Indicator to see which desktops are connected. Multiple simultaneous connections is supported. You can easily switch desktops and go “home”. A coming feature in the app is to put the desktops into different windows. There will be an option in settings to open each connection as a new window. RDP files  can be associated with the App and open the desktop in a new window. For high DPI devices, you will be able to control the resolution and/or scaling of the display. You’ll also be able to choose to stretch the content but keep the aspect ratio, or stretch the content only. When you create groups, you can move connections between the groups.

Right now, almost all of this is available now, except multi-window support.

Next up is the new HTML5 web client. This will support RDMI and classic WS2016 deployments. In the demo, you can see the UI is refreshed and modern. It kind of runs similarly to the Windows Store remote desktop app. When connected, the session is in the browser. When you go full screen, an RDP bar is pinned at the top by default, but you can un-pin it to give more space to the app/desktop.

Azure Compute: New Features & Roadmap

Speaker: Corey Sanders, Director of Compute, Azure, Microsoft

Lots of stuff that hasn’t been talked about yet.

Compute Through The Ages

Some old PCs, aa rack, a video of Monkey Boy doing developers developers developers, tablets, the cloud, and an alien (Quantum Computing).

Digital Transformation

Drink!

  • Engage customers
  • Transform products
  • Empower employees
  • Optimize operations

What’s Important to You?

  • Security
  • Availability
  • Cost savings
  • Automation
  • Infrastructure – sounds like a dev audience based on the boos.
  • Application PaaS
  • Management

VM – Compute

  • ND (new) and NCv2 (next few weeks) have launched with P100 and P40 GPUs.
  • Partial Core Alternatives for SQL/Oracle. You can reduce the number of cores that you can see/use in large VMs to get the other features of that VM, e.g. lots of RAM.
  • B-Series burstable VMs with a baseline low CPU capacity. Earn credits by using under the baseline, and burn those credits by getting more CPU capacity.
  • SAP system has 20 TB of RAM, 960 CPUs, 60 TB multi-node, bare-metal performance because these are bare metal machines.

VM Scale Sets

Up to 1000 VMs in a single manageable unit. Adding auto-OS update by the end of the year. IPv6 load balancer support. Zone redundant VMSS (availability zone automation).

Managed Disks

Abstract away the underlying storage. Data always encrypted at rest. Coming:

  • Incremental snapshots
  • Larger disk sizes
  • Cross-subscription/region sharing
  • Private repository

Security

  • Unified visibility and control
  • Adaptive threat detection
  • Intelligent threat detection and response
  • Investigation into security risks

Announcements:

Missed all this because of speaker speed.

Demo:

An alert of a suspicious process being executed. We can run a playbook from a list. They’re logic apps under the covers. The playbook designer looks like Office Flow. Example shows message being posted in Teams and a ticket being posted in ServiceNow in the event of a high priority alert. He shows that he could post a message in Slack.

Accouncements

Confidential computing which uses Intel silicon to run bits of processes with secure data. This is built on WS2016 Hyper-V technology. This should be small bits of code because you cannot debug it because it’s … secure.

Governance and Management

Lock down who/what/when.

New policy management is announced this week. JSON policy is a lot easier now. CloudDyn is free in Azure.

  • Azure Policy Center
  • Management groups
  • Managed Apps GA
  • Update and Configuration Management
  • Azure Policy Center

Policy Center is in the Azure Portal. under Policy – Compliance. You can do things like “Deny Hybrid Use Benefit” or control VM extensions, control managed disk usage, restrict image creation, etc.

Sample JSON policies are shard in GitHub.

Management Groups

Organizational alignment for Azure subscriptions. Targeted resource policy, access control and budgets. Compliance, security, and reporting by team.

Update, Configuration, And Change Tracking

Windows and Linux, Azure and non-Azure.

Collect and search inventory. Track changes to each system. Autocorrect configuration.

Schedule patching and check compliance.

Application Service Catalog GA

Turnkey for managed workloads. Sealed for simplified usage. Managed by central IT.

Availability

Different tiers: single VM, availability sets, availability zones, and DR.

Availability Zones

PowerShell in the Cloud Shell

Azure Automation with Python.

Availability Zones

Physically separated unlike fault domains. Still in a single region. A zone is one or more data centres. Redundant power, network, and cooling. Reduce single points of failure in the platform. At GA, will offer 99.99% SLA over the 99.95% SLA with availability sets, or 99.9% SLA on single VMs with Premium-only storage.

And then there is DR, to give you replication of VMs using Azure Site Recovery to another region.

Cosmos DB, MySQL/SQL/PostGres, Blob storage, and VMs all have inter-region DR solutions.

Backup and DR

Backup in a single click with VMs. DR with Azure-to-Azure Site Recovery. Recovery Plans, with Automation, offer single-click orchestrated failover.

Maintenance

Currently it typically takes under 30 seconds to do maintenance on hosts in Azure – warm reboot of Hyper-V called in-place migration. They actually replace the entire host OS during patching!

On-demand maintenance. 2-4 week notice window. You can do the reboot on your own schedule. Full reboot updates only. Demo.

A notice appears (also email) to say a VM will be rebooted for host maintenance. You can click Start Maintenance, to move (reboot) the VM to a host that is already updated. It’s in preview in West Central US.

Cost Savings

  • Track usage and cost trends (CloudDyn)
  • Detect spending anomalies
  • Allocate usage to business units
  • Reduce cost of services

Batch:

  • Reserved instances on the way.
  • B-Series VMs
  • Batch VMs – all sizes in all regions, and mixe low and high priority VMs
  • Pre-emptible VMs with up to 80% fixed – for non-critical VMs where MS can take resources back from you.

Future: Serial Console

This is experimental at the moment. A Serial Console is connected to a VM (RHEL). This is an interactive console, not just the screenshot of Diagnostics today. He is logged into RHEL in the VM. He then runs a reboot and watches the entire process, which we wouldn’t have seen via SSH.

This is Linux focused, but they’re working with Windows to find a solution.

Containers & Microservices

Azure Container Instances (ACI) are on the same level as VMs in Azure. Service Fabric and Kubernetes sit above them in management layer. Containers with Kubernetes are “managed containers”.

Announcing: ACI on Windows and ACI on Service Fabric.

40% of Service Fabric customers today are also deploying on-prem, and containers are the perfect compatible solution.

He does a demo to deploy IIS on Nano Server in an ACI (normal Windows container) with a public IP address.

Now a demo of ACI in service fabric. There’s a JSON that specifies the container spec. He’s using a tool called Service Fabric Explorer. He deploys a Linux container in the Service Fabric.

Service Fabric Ga for Linux

You can deploy Linux service plans. You can orchestrate on Linux or Windows. Run a million containers on a single cluster.

Azure Container Service for Kubernetes

You can provision Kubernetes very quickly and easily on Windows and Linux.

Some investments on tooling – an acquisition of a company that sounds like Deus.

Lots of partner solutions from the likes of Dicker Enterprise to manage on-prem and in the cloud with one experience. RedHat OpenShift to manage Kubernetes & RHEL ACI hosts. Pivotal is designed to lift and shift Java applications to containers – Azure, on-prem, and other clouds.

App Services and Serverless

This is a layer above Service Fabric and Kubernetes. We can do this cluster-less (App Services) and server-less (Functions) or Logic Apps.

Web Apps and Linux Containers are GA. You can integrate with Docker Hub and VSTS, and SSH into them.

Azure Event Grid

Treat events as first class objects. Things like Logic Apps and Functions start because of events. Many platforms don’t treat events as first class. As first-class, the events can go anywhere, e.g. from Azure Storage to AWS Lambda. Your apps can listen for events, e.g. WebHooks, Azure Automation, Logic Apps, Functions.

When an event happens, it goes into Event Grid. Then it can be directed to one of the above 4 services in Azure.  From Logic Apps, you can integrate into lots of things like Twitter, Slack, SalesForce, etc, via Logic Apps’ ability to do workflows.

This is “event-driven computing”.

More Announcements

  • Cosmos DB Trigger
  • Microsoft Graph Bindings
  • MacOS and Linus Local Development
  • App Insights GA

Enable IoT Solutions with Windows 10 IoT Platform

Speakers: Adi Hariharan (Group Marketing Manager Windows IoT) and Jimmy Chen (Senior Consultant PDS Sales – IoT)

This is an introduction to IoT.

Cuts Across Industries

You cannot avoid IoT. It is spreading everywhere in all parts of life. Manufacturing, smart cities, transportation, retail, healthcare, energy, public safety, and agriculture according to the slide. But it’s in real life too … fridges, TVs, ambient devices, etc. IoT is one of the methods of Digital Transformation.

IoT is not new and it is complex, but Microsoft is trying to make it easier. Integrate the technology into the device (intelligent edge), and use the power of cloud to gather data, filter/process it, and make use of it (intelligent cloud).

Why Choose Windows IoT

MS has been in the embedded business for over 20 years. Lots of competition: Linux, Wind, Ubuntu, AndroidTGhings, raspberry, redhat, ARMmbed, Riot, Tizen. Windows is mature. It can get to market faster, has security built in, is deisgned for the intelligent edge.

Solution Journey

  1. Build
  2. Connect
  3. Scale
  4. Operate

Build

Jimmy Chen takes over.

Building IoT devices isn’t that easy. “Building a device is as easy as building an app” – not really, but that is the aspiration. Build on Windows, using familiar tools (Visual Studio) and managing it using familiar tools. Things like speech, touch, and ink are embedded.

Visual Studio: C#, HTML/JS/ C++ and more. One Dev Center for pulling back device information. Legacy applications can work on most editions of Windows.

Using Windows IoT embedded, then drivers/firmware are easier. You use the system features and APIs to use the hardware, and use background services for long running tasks. Specialized hardware still requires drivers, but this isn’t that common.

Windows 10 IoT innovations:

  • New SoCs, including Raspberry Pi 3.
  • Azure IoT Hub Device Provisioning
  • Azure IoT Hub Device Management
  • Project “Rome” remove device management
  • New controls and embedded features, standby, on-SOC PWM, NFC and more,.
  • Productization resources
  • Turn-key security: Device Guard for IoT, Defender, BitLocker
  • App Services

App Servicing for IoT:

  • Windows Store
  • Install (Windows Store Preinstall Program and MDM)
  • Servicing (Windows Store)

We see a video from a service called Xogo: an app that can turn any Windows 10 device into a digital sign: www.xogo.io

Connect

Two kinds of connections: connect to the cloud and connecting to the legacy devices that you already have. Windows 10 IoT has all the APIs for connecting to the cloud built in. Every IoT device connects to the same URL in Azure. You have to configure which IoT Hub you need to connect to. Device is manufactured with an ID from the Azure IoT Hub Device Provisioning Service. The device is shipped to the customer and connects to the UIiT Hub Device Provisioning Service. That knows which Azure IoT hub to register the device to. Assymetric keys are sent to the device, which then uses that information to connect directly to the IoT Hub.

Intelligence at the edge:

  • Modern, familiar UI development
  • Natural user interface and world sensing support
  • Edge compute: not just a sensor but the ability to do some tasks

Vision, speech, and sensor perception open up powerful industry scenarios using:

  • Windows sensor & perception APIs
  • Microsoft Cognitive Services
  • Computer Vision – OpenCV
  • Speech recognition and synthesis APIs
  • Bing Cloud Speech
  • Cortana and natural language understanding

Scale

You need cloud to scale to more than just a few devices. App servicing and telemetry via the Windows Store.

Building a trusted device/solution starts with the device:

  • TPM
  • Windows Device Attested Health – Device Health Attestation for IoT Core (public preview) – device uses TPM to measure configuration – reposts to MS device halth attestation service, and then you use the report in MDM
  • Secure Boot
  • BitLocker

Threat resistance:

  • Windows as a Service
  • Device Guard
  • Windows Firewall
  • Windows Defender

Data protection in-motion:

  • X.509/TLS-based handshake and encryption

Cloud Security

  • Encryption at rest
  • AAD
  • Key Vault
  • Policy-based access control
  • IP-based blocking
  • Secure Device Registration (above)
  • Standad-base best practices

Response:

  • Device management
  • Device recovery
  • Device-specific repudiation: device wipe or block the device.

Operate

This is all about managing the device. Enterprise scale is 100,000 devices apparently – typical MDM might be fine. When you go into millions of devices, you need to use the Azure IoT management solution: IoT Hub.

Why Microsoft IoT?

You can easily:

  • Build devices with Windows IoT Enterprise (smarter devices) and Windows IoT Core (basic devices)
  • Connect to Azure IoT with lots of ready services

You can build all the security, management, AI, etc yourself on another platform, but Windows 10 IoT and Azure have all that ready to use.

Example Customers

FarmBeats is a MS Research project to reduce the cost of farming and to make it smarter. Uses sensors, helium balloons with vision sensors, and drones. Comms based on the unused TV spectrum. They use a heatmap of the farm to plan crop management, using Azure Machine Learning.

Why Should Enterprise Care?

Opportunities to build smarts into all kinds of systems are possible. Businesses can consume and use data with AI-based intelligence, or can optimise existing dumb systems to improve production, reduce times, decrease waste, optimize human effort, etc.

Scott Guthrie Keynote Ignite

Scott Guthrie is presenting on Azure and server solutions.

Defining aspect: ability to release new features at scales and speed that were never possible before, e.g. IoT. Lots of cool stuff, but it’s often overwhelming. Expectations by employers is super-high. There’s worries about hackers/security, while trying to become/stay an expert. Having lots of features is not enough – it has to enable you to use it. There needs to be a cross-cloud end-to-end experience, that is hybrid, intelligent, and trusted.

90% of Fortune 500 companies use Microsoft Cloud. A video comes up with Mars. Their SAP installation and 150 other workloads are on Azure, growing to over 500 in the next year. Next Games can produce game content faster on Azure with support they don’t get elsewhere. GEICO have all the capacity they ever need from Azure.

Back to Scott to talk about end-end management. Corey Sanders comes out.

Corey Sanders

He wants to show how easy Azure is in is integrated management demo. He starts on infrastructure. He says there’s lots of scale out there, including the 128 vCPU M-Series machine with 3.8 TB RAM with nested virtualization. He’s doing “inception mode” virtualization. Next there’s Powershell in the Azure Portal, in preview today. That gets an applause. You can also use this in the mobile app (Android and iPhone). He says you can create a VM with 1 parameter (machine name) … must be storing all the other config somehow. The –whatif flag is useful now.

He’s got a VM running. There’s new stuff in the Operations section in the VM blade. Update Management shows updates that have been installed or need to be installed in the guest OS. You can schedule, include/exclude updates. You also have a centralized view of Linux and Windows machines guest OS updates. This can also be used with on-premises updates – Azure Automation hybrid workers.

Change tracking is there for file, registry, settings changes on machines or the entire environment, Windows or Linux.

The above was all Log Analytics stuff.

On to DR with Azure Site Recovery. There’s a demo of Azure to Azure Site Recovery. Replication is easy. He shows a test failover to a sandbox in the secondary region. Use recovery plans to orchestrate.

Log Analytics is now built into the Azure Portal instead of some mysterious OMS portal. He shows a SQL-style query to produce a CPU utilization chart. He then expands that to show IIS requests VS CPU utilization for a SharePoint farm.

Scott Guthrie

HSBC is using Azure – one of the 10 largest banks. Another video plays. They had a shared platform for 150 sites that aged and couldn’t scale. They adopted Azure and the previous limitations aren’t there anymore – 10x expansion of used resources versus legacy. Overtime is down and staff more relaxed.

An exciting time to be a developer with apps, bots, mixed reality, and more. Visual Studio 2017 with .NET Core 2.0 work best with Azure. Xamarin is built into Visual Studio for Android and iOS clients.

James Montemagno

He shouts his excitement coming out. Lots of templates for ASP.NET Core backends and mobile apps. He demos debug in VS while the app is “simulated” on a real iPhone. VS updates to show the code running. He also shows live code updates. He updates code in VS, and the screen changes on the iPhone over local wifi.

There’s Docker integration for backend systems – one click required to create a Docker image. Now when he debugs the code, VS spins up a container and deploys the app into the container. The Docker image is portable – it’s a simple publish to Azure (Compose and File for Docker were automatically created). When he clicks publish, VS pushes it into the Azure container registry to create an App Service.

Scott Guthrie

UPS use .NET Core, Xamarin and Azure: video. On to the DevOps topic. Visual Studio Team Services makes it easier to set up a DevOps model.

Donavan Brown

Shipping code frequently requires adoption of DevOps best practices. He shows a VSTS dashboard with schedule, bug, and review tasks for the day. Bugs, tasks, and code in one place, in priority order. One board shows status of what everyone is doing. Git usage means there’s lots of branches. You can associate a branch with a work item in VSTS. A pool request brings branches together. This can be done via a social network. VSTS integrates the dev and the IT Pro via Azure. Continuous delivery in Web Apps allows code to be easily deployed into the service, supporting lots of languages (incl Ruby and Python) on Windows or Linux app services.

Scott Guthrie

He returns to talk about the Microsoft unique selling point: a complete hybrid cloud: AD, services, data and security. Azure Stack started shipping today – the same management API, portal, and developer services as in Azure but running in your site. Ships, factories, regulatory requirements are some scenarios.

EY is using Azure. They use Azure Stack for storing some sensitive stuff in some countries, e.g. Russia. Video comes up. Super easy to use and 100% consistent with Azure.

Natalia Mackevicius

From the Azure Stack team. Good ol’ Northwind Traders is using Azure Stack *cough*. Azure is used to consume data from ships worldwide. On the ships, Azure Stack is being used. Functions are being used to parse data on the ship before sending it to Azure. A VS demo. She deploys using VS to Azure Stack.

Scott Guthrie

Azure Stack is shipping from Dell, Lenovo, and HPE, and you can order from Cisco. You can deploy Azure anywhere in a matter of hours. Dealing with data in hybrid or pure cloud can be complex. Azure allows consistent use of SQL Server. SQL Server 2017 runs on Windows, Linux, and Docker – available Oct 2. A new adaptive query processing system for faster-than-ever queries. Built-in AI functionality is there too. A financial services startup called dv01 decided to switch to SQL Server – video. This was controversial because they are an open-source shop. Queries went from 10s of seconds to seconds.

Lara Rubbelke

She has a Mac on stage. She pulls the latest SQL image via Docker and deploys it in about 2-3 seconds. It supports PHP, Phython, Ruby, etc. A Node.JS program is used to test client connectivity. A table with 5 million rows is created. An app is used to test performance of queries – 231 MS. She enables a “clustered column store index”, a feature unique to SQL Server. It orders data storage on disk and enables better compression. Performance is now 6 milliseconds (39x faster).  Today lots of features are being added to every edition, including SQL Server Express.

Scott Guthrie

He announces GA of SQL Server 2017. A new data migration service offers a fully automated workflow for Oracle and on-prem migration to Azure SQL without changing code. DocuSign chose Azure as their preferred cloud platform: video. They moved things to Azure SQL with minor modifications.

Lara Rubbelke

We’re losing the audience at this point – people starting to leave. I guess the PaaS focus is losing people who came looking for IaaS content.

Lara shows an app that connects to 2 local SQL 2008 R2 databases. She is using the Azure Database Migration Service. She enters the name of the target and details of the source: Oracle, MySQL, or supported SQL Server. The databases “restore” to Azure. This can be small databases or multi-TB databases. The databases are now running in the cloud. In the app code, the connection string is changed to the Azure Managed Instance DB. The app is refreshed in Edge and we see that it’s working and connecting to Azure SQL DB Managed Instance.

This is a managed PaaS SQL service – no VMs, no OS, no machine performance management, no patching, no upgrades.

Scott Guthrie

Cosmos DB is a globally distributed database with 1 MS latency, giving lightning performance no matter where users are (except China, thanks to the Great Firewall of China). It can scale to any need. You can run serverless code in Functions in response to data change in Cosmos DB. Asos is using this: video.

Rimma Nehme

Comes out to talk about Cosmos DB. She talks about the requirements of a planet scale app.

The trickle of departures is a steady flow now. They’ve lost a chunk of the audience who are here for other content.

Creating Cosmos DB instances is easy in the Azure Portal: name, resource group, etc. You can pick an API, e.g. SQL, Mongo, Gremlin (graph), and Table. You click create, and you have a globally distributed database. She already has a demo DB that she visualizes as a graph of all the nodes – in 10 regions. She can easily add more nodes (regions) by selecting them on a map and clicking save. Data is replicated to those regions and those nodes go live: global distribution turnkey capability.

Azure functions is natively integrated now. Serverless apps have low latency access to globally available data. Scaling and managing compute resources aren’t a consideration any more. In the demo, Cosmos DB is storing Marvel data from online events. Functions triggers AI Cognitive Services to analyse data and calculate sentiment. A web app shows tweets on a wiki with calculated sentiment.

Scott Guthrie

Azure Machine Learning is next. You can build your own algorithms. Workbench is a Windows/Mac client for AI engineering.

That flow is now a river. I suspect the grumbling about lack of on-prem content will be very loud this week. There’s almost no Windows Server/System Center content this week.

There’s a broad ecosystem of AI services. You can integrate with Docker for Azure, on-premises and edge devices AI.

Danielle Dean

A company called Jabil is using AI in their circuit board manufacturing process. Pictures are taken of boards for humans to ID errors. They have a couple of seconds for each image. AI can analyze the pictures to do the pass/fail checks, and speed up manufacturing and reduce errors.

Azure Machine Workbench (AML) is a set of tools with a GUI and command line support for building a model, training it, and deploying it.

A collection of photos is stored. Results of the tests are stored: pass or fail. This is training. This is synthesized as a program. A Jupyter workbook is open to develop a model’s code. the data preparation from earlier is used. The code is running on an ND-Series VM in Azure. It runs and can analyse individual photos in debug mode.

The model is packaged up into a container for Docker deployment to Azure, or anywhere that supports Docker containers. Images are sent to the container and results are immediate.

Scott Guthrie

Azure Machine Learning and Azure Machine Learning Workplace are available..

Azure Vms with NVIDIA P40 and P100 GPUS are available today for machine learning.

Azure has more compliance than any other cloud today. Azure Security Center is getting more features this week. Hybrid threat detection and issue remediation.

Sarah Fender

An Azure Security Center demo.

We’ve lost around half the huge room at this time.

Best practices recommendation is shown. She clicks a recommendation to see details. You can limit remote access to VMs. Security Center JIT VM Access is shown. Advanced analytics (Machine Learning) are used to monitor your security. A new investigation experience is introduced today. A brute-force RDP attack has given an attacker access to a machine. We can see that a user has added themselves as an administrator. There’s a sign-in from a remote location – a suspected RDP compromise. The account then logged into another machine and ran a suspicious process – probably malware or a hacking tool.

Azure Security Center can now analyse things outside of Azure. No more details on that – I wonder if it’s Log Analytics.

Julia White

This is based on the CloudDyn acquisition – built-in free into Azure. It goes live later today. Long story short: you can analyse Azure spending.

Reserved Instances VMs are coming (back) to Azure.

And that was that.

Microsoft Ignite 2017 Keynote Notes

I’m live blogging from Microsoft Ignite in Orlando. Hit refresh to read more.

Before the Keynote

The score so far:

  • Orlando: 10
  • Chicago: Minus 5 trillion

This place is huge and the crowds are huge. But getting here was easy. My hotel is a good bit up “I-Drive” in Orlando, but it took less than 10 minutes to get here, from walking out the hotel door to walking into one of the conference buildings. I got in at 08:25, but the main keynote hall was already full and we were being redirected. I ended up on the “community hall” to watch the keynote on some big screens. Sounds like a downer, but I’m sitting at a table and I can easily type on my laptop.

We’re counting down to Julia White, the “host” of Ignite, before Satya Nadella takes command. That’ll be two hours of intelligent edge, mobile user experience, and his new book (I guess).

Roll the music … a video plays to show us highlights from the last year. Microsoft tech changing business, enabling someone to write again, saving a baby’s life. They really do this type of media well, but they need to share it on TV, not just at conferences.

Julia White

The “host” of Ignite takes the stage and talks about how hurricane Irma could have ended all this. Donation stations, kit assembly stations, and blood donation stations are throughout the conference centre.

We are “change agents” apparently – this week’s buzz phrase? There’s real-time translation in 12 subtitled languages, powered by MS AI.

Satya Nadella

The CEO takes the stage. He thanks the local community for helping with ensuring the conference could run. He offers words of support for the Texas and Florida communities.

The Ignite conference has a diverse range of attendees. Generations of Microsoft customers, with diverse roles from end user devices to back end. Envision is also on here, and this includes the business/C-level customers. “Digital Transformation”. 1 Drink. Continuous change and renewal is the theme of the two conferences.

Technology shouldn’t degrade humanity. Big chrome robots won’t crush your skinless skull after AI machine learning/deep learning launches nukes at us.

It’s hard to keep up with this. It’s lots of words, but it’s fluff. I’ll pause until the salad is finished and the meat is served.

 

Quantum Computing

Think about the limitations of a classic computer. It would try/fail/try to solve a maze – a brute force system. Instead of doing 1 or 0, a quantum computer does 1 and 0 simultaneously. It can try every path in the maze at the same time. Sounds easy, but it’s not. It starts with a world-class team, lead by Craig Mundie. Physics, computer science, and math must be put together.

Dr. Michael Freedman (maths), Dr. Charie Marcus and Dr. Leo Kouwaenhovern (physics) and Dr. Krysa Svore (computer science) come on stage for The Early Early Show with Satya Nadella. Seriously, these people are smart. I haven’t a clue – that’s not a complaint, they’re just incredibly intelligent.