What Are Azure Virtual Networks

When I started learning how to use Azure IaaS, I probably spent most of my time learning about Azure virtual networking. I found VMs to be easy; it’s just self-service virtualization and it’s based on Hyper-V so it was an easy evolution for me. But the networking required a bit of learning, especially because there are lots of options, lots of it is driven by PowerShell, and it is constantly evolving.

What are Virtual Networks?

As I’ve said many times before, I used to work in the hosting business, back in a time when the VLAN was the dominant way to deploy customers. If sales signed up a customer, that customer got one or more VLANs, and the network guys panicked. More VLANs were being added, more firewall rules had to be deployed, and NAT had to be configured. We were looking at hours-to-days of waiting before I could drag a few templates from the VMM or vCenter library to have the customer up and running. In Azure, you do not call up Microsoft and say “hey, I need 2 VLANs, please”. Instead, you run some PowerShell or walk through a wizard and deploy your own isolated network address space.

Azure virtual network

A virtual network is kind of like a LAN. It is am isolated address space that can be divided into automatically routed subnets. You can create virtual networks from each of the following ranges:


We use these virtual networks and subnets to connect virtual machines within a single region. Each virtual network is isolated, so you might create 2 vNETs and they will be completely secure from each other unless you take steps to connect them.

The above diagram shows a deployment of a virtual network with 2 subnets, modelling the concept of a DMZ and back-end subnet. By default, there are no firewall rules or blocks between subnets in the same virtual network. However, you can deploy a policy-based set of rules called network security groups (NSGs) to isolate virtual machines or subnets.

Virtual Network and Subnet Addresses

As you can see, they are private ranges. You can get up to 5 public IP addresses for free (if you use them) to implement NAT-like “end points” with virtual machines, where you specify that if any traffic come in on a port, that traffic is sent to a VM or set of VMs (external load balancing, which is free, as is internal load balancing). This public IP addresses are usually provided by a cloud service, and are called VIPs (virtual IP addresses). Note that VIPs are dynamic by default, but you can reserve them for free (as long as the associated service is active).

You can carve up your address space to create VLANs. I recommend two practices with my customers:

  • KISS: Keep it simple, stupid. I might deploy a virtual network with an address of I can create plenty of subnets with a /24 address. So subnet 1 might be and subnet 2 might be If you are subnetting-disabled like me, this is easy to understand, you simply increase the third octet by a decimal 1. Ignore this rule (a) if you do understand subnetting and (b) you need more-smaller subnets or fewer-larger subnets.
  • Plan for expansion and connectivity: If a customer is using on premises then don’t deploy a virtual network of, even if you don’t plan on connecting them at the moment. Things change, and a customer’s plans with Azure will evolve. Treat Azure virtual networks like branch office networks, and plan for connectivity and routing.

Virtual Network Connectivity

As I said before, a virtual network is isolated. You can create endpoints to allow traffic into virtual machines from the Internet. However, you might want private communications between 2 vNETs or between a vNET and an on-premises network. This is made possible using a gateway.


Connecting an on-premises network via VPN to an Azure vNET using a gateway

A gateway is a virtual appliance that you deploy on your vNET, usually in a /29 subnet that supports just 3 IP addresses (default gateway to route, and 2 others);  vNET can have one gateway. The gateway is actually a cluster of 2 virtual machines that are managed by Azure – you simply configure gateway settings and you cannot even see these VMs. The purpose of the gateway is to enable private and secure network connections with routing:

  • Point-to-Site VPN: This is enables users to VPN into an Azure vNET. Really, this is intended as a backdoor for administrators. End users should use the software layer (Windows Server VPN/DirectAccess or VPN services from a virtual appliance).
  • Website-to-vNET VPN: An Azure website can VPN into a vNET, allowing that website to talk to services hosted on a VM, e.g. MySQL for WordPress.
  • vNET-to-vNET VPN: Connect two vNETs together even if they are in different regions or subscriptions, enabling VMs in different vNETs to talk to each other.
  • Site-to-site VPN: Connect a customer site to an Azure vNET, enabling on-premises machines to talk freely with in-Azure VMs. For example, DCs on the customer site could replicate with DC VMs from the same domain that are running in Azure over this encrypted connection over the Internet.
  • ExpressRoute: Get an SLA driven private WAN connection into your virtual networks, using an MPLS WAN or hop via a POP. This service is only supported by a small number of operators, and some of these operators are poor at communicating to their owns staff that this service is available – BT in UK/Ireland is particularly guilty of this.


Connecting multiple sites and Azure vNETs using ExpressRoute

There are 3 models of gateway that you can deploy:


The basic gateway breaks down into two types:

  • Static: Also known as a policy-based VPN, this is good for simple deployments, e.g. a 1:1 site-to-site VPN connection, and pretty much nothing else. This type has the most support from 3rd party firewall appliances.
  • Dynamic: Also known as a route-based VPN, dynamic routing provides the most compatibility with connection features (site-to-site, point-to-site, vNET-to-vNET, and website-to-vNET)

Long story-short, we always want dynamic routing, but only a small number of on-premises appliances support it.

You can find feature support across the tiers and types of gateway below:


Remember how I said a gateway is a pair of VMs? The basic tier is a VM with 1 vCPU. This limits how many interrupts the VM can handle and this restricts inbound bandwidth to around 80 Mbps (100 is listed but 80 is what is achievable). The next tier up, Standard, uses VMs with 2 x vCPUs and this doubles the interrupt handling capability, increasing the inbound bandwidth to 200 Mbps – thank you Hyper-V vRSS.

Network Security Groups & Force Tunneling

These are two features that are almost related because they are likely to be used together. In the above diagram, NSGs are used to restrict network communications. Force Tunneling could also be used:

  • Allow the DMZ VMs to communicate directly with the Internet, according to security policies. Outbound traffic will go directly to the Internet via the Azure fabric.
  • Force back-end VMs to route via the Internet via a site-to-site network connection, ensuring that all traffic from these machines is more closely controlled.


Using Forced Tunneling to manage outbound traffic from Azure subnets

IP Addressing

I’ve already talked about how VIPs are used to enable the public Internet to access your vNETs, subject to endpoint rules that you create. What about internal addresses? The Azure vNET will supply the IPv4 configurations to your VMs. From the guest OS point of view, this is DHCP … AND YOU SHOULD LEAVE IT THAT WAY.

The default gateway of a vNET is the first IP address in the range – .1 if you follow my KISS rule. The first VM to come online will be assigned the 4th address (KISS: .4) and then the fifth, etc. VMs will not get static addresses. If you shutdown (de-allocate) a VM then it is not guaranteed the same IP if you reboot it – however you can reserve an IP; I typically do this with DCs.

Name services can also be deployed, e.g. DNS on a DC. You can pre-define the DNS part of the IPv4 stack for VMs in the properties of a vNET.

Multiple NICs in a VM

I dealt with this topic a little while ago in a post about finding specs for Azure VMs. Some VM specs support more than 1 vNIC. From what I can make out, this is intended for vendors who are creating virtual appliances that need to span more than one vNET; consider a firewall that connects the external world and VMs in several vNETs – you don’t want any routing other than the firewall appliance so that appliance needs to be able to communicate directly with each vNET.


Connecting a virtual appliance to multiple subnets in an Azure vNET


Some good news: vNETs are free. You can have up to 50 vNETs in a single subscription, with up to 2048 VMs per vNET, and up to 500,000 concurrent TCP connections per VM.

NSGs and Forced Tunneling are both free. You can have up to 100 NSGs with 200 rules each per subscription.

You can have up to 50 reserved VIPs, 5 of which are free (including reservation) if they are being used. The pricing for the additional 15 or unused VIPs are found here. Private IP addresses are free.

Pricing for a gateway is found here – that covers the cost of connecting a VPN, but you also need to account for outbound data transfers (egress data).  Note that you’ll need to work with an ExpressRoute partner to figure out the pricing of that solution – here’s the Microsoft element – I know that Microsoft wants to simplify this pricing, as announced at the recent AzureCon online event.

Data Transfers

This is one of the most mis-understood elements of Azure. There are two types of data transfer:

  • Inbound (ingress)
  • Outbound (egress)

Let’s keep this simple:

ExpressRoute is charged based on bandwidth (no data transfer charges across this private connection) or metered data (contact your ISP).

Everything else is subject to ingress/egress rules. Azure does not charge for inbound data transfers. And now things get complicated.

Despite many myths, outbound data transfer is charged for, but it depends on the service. If you are using Azure Backup, there is no network data transfer charge. If you have VMs sending data to the Internet or outbound via VPN, then that is subject to charge.


Pricing is based on North Europe at the time of writing.

A customer is deploying a web farm in Azure. They want a virtual network that will have 3 subnets: web, application, and database. They need to offer online web services via 2 always active VIPs, and 1 usually de-allocated VIP. There will be 10 load-balanced web servers (external load balancing) and 5 load balanced application servers (internal load balancing). A site-to-site VPN connection is required from on-premises, the firewall is a WatchGuard Firebox, with a 50 Mbps connection. Each vNET must have policy based isolation. Web servers can talk directly to the Internet, but app and database servers must always route via the VPN to anything other than the web servers. The web servers are expected to send 1 TB of data to the Internet and receive 400 GB of data.

OK … let’s break this down:

  • Virtual network & subnets: free.
  • VIPs: We get up to 5 free if they are used, even if they are reserved. The de-allocated VIP will cost around €3/month.
  • External load balancing (web servers): Free
  • Internal load balancing (app servers): Free
  • Gateway (VPN): The WatchGuard doesn’t support dynamic gateways so a static gateway is required. The static basic gateway supports up to 80 Mbps so it’s fast enough. This will cost around €23/month.
  • NSG: Free
  • Forced Tunneling: Free
  • 1024 GB outbound data transfer: First 5 GB is free, and remaining 1019 charged at €0.0734 per GB, which is around €75/month
  • 400 GB inbound data: Free

So that works out at: €3 + €23 + €75 = €101/month.

Understanding Azure Premium SSD Data Storage & Pricing

If you are deploying services that require fast data then you might need to use shared SSD storage for your data disks, and this is made possible using a Premium Storage Account with DS-Series or GS-Series virtual machines. Read on to learn more.

More Speed, Scottie!

A typical virtual machine will offer up to 300 IOPS (Basic A-Series) or 500 IOPS (Standard A-Series and up) per data disk. There are a few ways to to improve data performance:

  • More data disks: You can deploy a VM spec that supports more than 1 data disk. If each disk has 500 IOPS, then aggregating the disks multiplies the IOPS. If I store my data across 4 data disks then I have a raw potential 2000 IOPS.
  • Disk caching: You can use a D-Series or G-Series to store a cache of frequently accessed data on the SSD-based temporary drive. SSD is a nice way to improve data performance.
  • Memory caching: Some application offer support for caching in RAM. A large memory type such as the G-Series offers up to 448 GB RAM to store data sets in RAM. Nothing is faster than RAM!

Shared SSD Storage

Although there is nothing faster than RAM there are a couple of gotchas:

  • If you have a large data set then you might not have enough RAM to cache in.
  • G-Series VMs are expensive – the cloud is all about more, smaller VMs.

If an SSD cache is not big enough either, then maybe shared SSD storage for data disks would offer a happy medium: lots of IOPS and low latency; It’s not as fast as RAM, but it’s still plenty fast! This is why Microsoft gave us the DS- and GS-Series virtual machines which use Premium Storage.

Premium Storage

Shared SSD-based storage is possible only with the DS- and GS-Series virtual machines – note that DS- and GS-Series VMs can use standard storage too. Each spec offers support for a different number of data disks. There are some things to note with Premium Storage:

  • OS disk: By default, the OS disk is stored in the same premium storage account as the premium data disks if you just go next-next-next. It’s possible to create the OS disk in a standard storage account to save money – remember that data needs the speed, not the OS.
  • Spanning storage accounts: You can exceed the limits (35 TB) of a single premium storage account by attaching data disks from multiple premium storage accounts.
  • VM spec performance limitations: Each VM spec limits the amount of throughput that it supports to premium storage – some VMs will run slower than the potential of the data disks. Make sure that you choose a spec that supports enough throughput.
  • Page blobs: Premium storage can only be used to store VM virtual hard disks.
  • Resiliency: Premium Storage is LRS only. Consider snapshots or VM backups if you need more insurance.
  • Region support: Only a subset of regions support shared SSD storage at this time: East US2, West US, West Europe, Southeast Asia, Japan East, Japan West, Australia East.
  • Premium storage account: You must deploy a premium storage account (PowerShell or Preview Portal); you cannot use a standard storage account which is bound to HDD-based resources.

imageThe maximum sizes and bandwidth of Azure premium storage

Premium Storage Data Disks

Standard storage data disks are actually quite simple compared to premium storage data disks. If you use the UI, then you can only create data disks of the following sizes and specifications:

image The 3 premium storage disk size baselines

However, you can create a premium storage data disk of your own size, up to 1023 GB (the normal Azure VHD limit). Note that Azure will round up the size of the data disk to determine the performance profile based on the above table. So if I create a 50 GB premium storage VHD, it will have the same performance profile as a P10 (128 GB) VHD with 500 IOPS and 100 MB per second potential throughput (see VM  spec performance limitations, above).


You can find the pricing for premium storage on the same page as standard storage. Billing is based on the 3 models of data disk, P10, P20, and P30. As with performance, the size of your disk is rounded up to the next model, and you are charged based on the amount of storage actually consumed.

If you use snapshots then there is an additional billing rate.


I have been asked to deploy an Azure DS-Series virtual machine in Western Europe with 100 GB of storage. I must be able to support up to 100 MB/second. The virtual machine only needs 1 vCPU and 3.5 GB RAM.

So, let’s start with the VM. 1 vCPU and 3.5 GB RAM steers me towards the DS1 virtual machine. If I check out that spec I find that the VM meets the CPU and RAM requirements. But check out the last column; The DS1 only supports a throughput of 32 MB/second which is well below the 100 MB/second which is required. I need to upgrade to a more expensive DS3 that has 4 vCPUs and 14 GB RAM, and supports up to 128 MB/second.

Note: I have searched high and low and cannot find a public price for DS- or GS-Series virtual machines. As far as I know, the only pricing is in I got pricing for virtual machines from the “Ibiza” preview portal. There I could see that the DS3 will cost around €399/month, compared to around €352/month for the D3.


[EDIT] A comment from Samir Farhat (below) made me go back and dig. So, the pricing page does mention DS- and GS-Series virtual machines. GS-Series are the same price as G-Series. However, the page incorrectly says that DS-Series pricing is based on that of the D-Series. That might have been true once, but the D-Series was reduced in price and the DV2-Series was introduced. Now, the D-Series is cheaper than the DS-Series. The DS-Series is the same price as the DV2-Series. I’ve checked the pricing in the Azure Preview Portal to confirm.

If I use PowerShell I can create a 50 GB data disk in the standard storage account. Azure will round this disk up to the P10 rate to determine the per GB pricing and the performance. My 50 GB disk will offer:

  • 500 IOPS
  • 100 MB/second (which was more than the DS1 or DS2 could offer)

The pricing will be €18.29 per GB per month. But don’t forget that there are other elements in the VM pricing such as OS disk, temporary disk, and more.

Once could do storage account snapshots to “backup” the VM, but the last I heard it was disruptive to service and not supported. There’s also a steep per GB cost. Use Azure Backup for IaaS VMs and you can use much cheaper blob blobs in standard storage to perform policy-based non-disruptive backups of the entire VM.

Understanding Azure Standard Storage and Pricing

Imagine that you’re brand new to Azure. You’ve been asked to price up a solution with some virtual machines. You use the best pricing tool for Azure and land at a page that has a bewildering collection of 12 items. You read through them, and are left none the wiser. I’m going to try cut through a lot of stuff to help you select the right storage for IaaS solutions such as VMs, backup, and DR.

There are a few things people expect when I present on storage in Azure. They expect LUNs with predefined sizes, they expect to see RAID, and when you talk about duplicate copies, they expect to see each copy. Sorry – it’s actually all much simpler than that – that’s a good thing!

Note that I will cover SSD-based Premium Storage in another post.


You do not create LUNs in Azure; storage in Azure comes in units called a storage account. A storage account is an address point in the Azure cloud with 2 secure access keys (a primary key and an alternate secondary key to enable resetting the primary without loss of service).

When you create a storage account you create a unique URL. This could be used publicly … only if you know the very long secret access keys. You do not set a size; you simply store what you need and pay for what you store with up to 500 TB per storage account, and up to 100 storage accounts per subscription (by default). You also set a resiliency level to provide you with some level of protection against physical system failure.

Resiliency Levels

There are 4 resiliency levels, summarized nicely here:


  • Locally Redundant Storage (LRS): 3 synchronously replicated copies are stored in a single facility in your region of choice. There is no facility fault tolerance. This is the cheapest resiliency level.
  • Geo-Redundant Storage (GRS): 3 synchronously replicated copies are stored in a single facility in your region of choice. 3 asynchronously replicated (no deprecation in performance) copies are stored in the neighbouring region, offering facility and region fault tolerance. This is the most expensive resiliency level.
  • Read-Access Geo-Redundant Storage (RA-GRS): synchronously replicated copies are stored in a single facility in your region of choice. 3 read only asynchronously replicated (no deprecation in performance) copies are stored in the neighbouring region, offering facility and region fault tolerance, but with read-only access in that other region.
  • Zone Redundant Storage (ZRS): Three copies of your data are stored across 2 to 3 facilities in one or two regions.

Note that we cannot use ZRS for IaaS (VMs, backup, DR). Typically we use LRS or GRS for VMs or backup storage. Azure Site Recovery (ASR) currently requires you to use GRS. You can switch between LRS, GRS and RA-GRS, but not from/to ZRS.

You do not see 3 or 6 copies of your data; this is abstracted from your view of the Azure fabric and you just see your storage account.

Here are the “neighbouring site” pairings:


Azure Storage Services

Once you’ve figured out the resiliency levels, the next step in pricing is determining which storage service you will be using. There are four services:

  • Blob storage: In the IaaS world, we use this for Azure Backup. Files you upload are created as blobs. You can also use it to store documents, videos, pictures, and other unstructured text or binary data.
  • File storage: This is a newly available service that allows you to use an shared folder (no server required) to share data between applications using SMB 3.0. This is not to be used for user file sharing – use a VM or O365.
  • Page Blobs & disks: In the IaaS world this is where we store VM virtual hard disks (VHD) for running or replicated (ASR DR) VMs.
  • Tables & Queues: This offers NoSQL storage for unstructured and semi-structured data—ideal for web applications, address books, and other user data. Read that as .. for the devs.

This can be confusing. Do you need to create a blob storage account and a file storage account? What if you select the wrong one? It’s actually rather simple. When you upload a file to Azure it’s placed into blob storage in your storage account. When you create a VM, the disks are put into page blobs & disks automatically. If you start using file storage to share data between services via SMB 3.0, then that’s used automatically. And you can use a single storage account to use all 4 services if you want to – Azure just figures it out and bills you appropriately.

Storage Transactions

I am confused at the time of writing this post. Up until now, transactions (an indecipherable term) were a micro-payment billed at some tiny cost per 100,000. I had no idea what they were, but I know from my labs that the costs were insignificant unless you have a huge storage requirement. In fact, in my presentations I normally said:

The cost of estimating the cost of storage transactions is probably higher than the actual cost of the storage transactions.

And when writing this post, I found that storage transactions were no longer mentioned on the Azure storage pricing web page. Hmm! It would be great if that cost was folded into the price per GB – you can actually only do so much activity anyway because of how rack stamps are designed and performance is price-banded.

I’ve been told that people are still being billed, but no rate is publicly listed on the official site. I’ll update when I find out more.


Let’s say that I need to deploy a bunch of test Windows Server virtual machines that the business isn’t worried about losing. My goal is to keep costs down. I need 1000 GB of storage, accounting for the 127 GB C: drive, and any additional data disks. I know that this will use page blobs & disks, and I’m going to use LRS for this deployment. If I select North Europe as my region then the cost per GB is €0.0422 so the monthly cost will be around 42.2 – I say around because there will be some other small files maintained on storage.

I have a scenario where I need to replicate 5 TB of vSphere virtual machines to Azure using ASR. ASR requires GSR storage and I will be using page blobs & disks. The costs will be €0.0802/GB for the first 1024 GB and €0.0675/GB for the next 4096 GB. That’s €82.1248 + €276.48 = around €359 per month.

And what if will use 100 GB of storage for Azure Backup (DPM or direct). That’s going to be using blob storage, of either LRS or GRS. I’ll opt for GRS, which will cost €0.0405/GB, so I’ll pay a teeny €4.05 per month for backup storage (Azure Backup has an additional front-end per-instance charge).

Picking an Azure Virtual Machine Tier

This post is a part of a series:

If you are looking at deploying an A-Series virtual machine in Azure then there are two tiers to choose from:

  • Basic
  • Standard

There are a few differences between the two tiers.

Load Balancing

You can load balance Standard tier virtual machines for free. This includes external and internal load balancing. Note that this is port-level load balancing, not application layer. If you want to do load balancing at the application layer then look in the Azure marketplace for some appliances. There you’ll find well known names such as Kemp, Citrix, and more.

There is no load balancing with Basic tier VMs.


Say a business needs to handle unpredictable peak capacity, without human effort or lost business opportunities. This might be a few times a day or every few weeks. How do they do it? The old way was to deploy lots of machines, load balance them, and eat the cost when there was no peak business … no seriously … they deployed enough for normal demand and lost business during periods of peak demand. Auto-scaling says:

  • Deploy the Standard tier VMs you need to handle peak demand
  • Power up VMs based on demand
  • Power down VMs when demand drops
  • And it’s all automatic using rules you define

VMs are billed based on storage consumed (very cheap) and hours running. So those VMs that aren’t running incur very little cost, and you only generate more costs when you are generating more business to absorb those costs.

There is no auto-scaling with Basic tier VMs.


A virtual machine can have 1 or more data disks, depending on the spec of the VM. Basic tier VMs offer a max IOPS of 300 per data disk. Standard tier VMs offer a max IOPS of 500 per data disk. If a VM has more than one data disk then you can aggregate the IOPS potential of each data disk of that VM by mirroring/striping the disks in the guest OS.

Higher Specs

The highest spec Basic A-Series VM is the Basic A4 with 8 vCPUs (AMD processor on the physical host), 14 GB RAM, and up to 16 data disks. Basic VMs can only have 1 vNIC.

Standard A-Series VMs include similar and higher specs. There are also some higher spec Standard A-Series that offer Xeon processors on the host, a lot more RAM, and even an extra Infiniband (RDMA) 40 Gbps NIC.


I need a pair of domain controllers for a mid-sized business. I’ll probably opt for Basic tier VMs, such as the Basic A2, because I can’t use load balancing or auto-scaling with domain controllers. I don’t need much IOPS for the data disk (where SYSVOL, etc  will be stored) and DC’s have a relatively light workload.

What if I want an application that has no software-based load balancing and will need somewhere between 2 and 10 VMs depending on demand? I need load balancing from the Azure fabric and it sounds like I’ll need auto-scaling too. So I’ll opt for a Standard A-Series VM.

Microsoft News – 30 September 2015

Microsoft announced a lot of stuff at AzureCon last night so there’s lots of “launch” posts to describe the features. I also found a glut of 2012 R2 Hyper-V related KB articles & hotfixes from the last month or so.


Windows Server


Office 365


Clarifying Some Of Yesterday’s Azure Announcements

Yesterday, Microsoft marketing published a blog post where they said a lot of things about new services, features, and locations for Azure. Let’s just say that some content in the announcement was less … correct or clear than one might hope for. I’m not saying that this was deliberate, but there is a history of this in Microsoft – Mary Jo Foley and Paul Thurrott joke that this is why they have jobs!

Microsoft announced that 3 new regions went live in India yesterday. I tried a few times to create stuff in those regions, but none of the new regions appeared in my personal subscription (MSDN) or my work one (Open VL). I guessed that “ went live today” meant at some time during the day in the PDT time zone, so I decided to wait until the next morning (Irish time) but India was still not there. So I went looking.


So the India regions are live, but like the Australian and New Zealand regions, they are not available to me because I do not have a business presence in India (or Australia and New Zealand).

The announcement also said:

The general availability of Azure Backup of application workloads. Included as part of Microsoft Operations Management Suite, Azure Backup now supports direct backup of SQL Server, SharePoint, and Microsoft Dynamics.

There are three things that I could have read from that statement (please note that both of the following are incorrect):

  1. Azure Backup MARS agent now can backup applications without DPM and without Project Venus
  2. This service is live now
  3. Azure Backup only comes with OMS

I asked my contacts for some clarification. Project Venus is still happening and it is the only way that Azure Backup will be eventually able to directly backup applications. Project Venus is not GA yet, but will be soon – you can bet that I’ll blog about it! I’ve stung Marketing before over the hints that Azure Backup is only available in OMS – that is simply not true; yes, AB credit is included in the add-on, but the full AB service is available to anyone with an Azure subscription.

There might be more incorrect information in that announcement that I’m currently unaware of.

I wish these announcements were more clear and correct. If you’re honest and describe the plans with some sort of timeline then we’ll forgive things that aren’t perfect. But if we are lead on a wild goose chase, wasting time and money, to find contradicting facts buried elsewhere, then we think less of the company making the announcement.

News for IT Pros from AzureCon

Microsoft announced a bunch of new stuff in the Azure world today for AzureCon. Here’s a summary of the stuff relevant to IT pros. Azure is growing still:


Azure Container Service

Microsoft describes this as:

… an open source container scheduling and orchestration service which builds on our partnerships with both Docker and Mesosphere, as well as our contributions to open source projects in this space.

This gives you Docker service delivery and Apache Mesos orchestrator. Other pieces included are Marathon for launching/scaling container-based application and Chronos, offering distribute cron job and batch workload management.

Azure Container Service will be in preview before the end of 2016.


Note that in the above slide (presented at AzureCon by Scott Guthrie) mentions the future on-premises Azure Stack.

More Regions

Three new regions just opened in India:

  • Central Indi (Pune)
  • South India (Chennai)
  • West India (Mumbai)

That should add about 60 new jobs to the Indian economy – it doesn’t take much labour to run one of these regions! Azure is available now, O365 will be there in October, and Dynamics CRM will come in H1 2016.

Azure Security Center

This is similar to something that was launched for O365 recently. Azure Security Center is:

… an integrated security solution that gives customers end to end visibility and control of the security of their Azure resources, helping them to stay ahead of threats as they evolve.

This solution integrates with partner solutions from the likes of Barracuda, Checkpoint, Cisco, CloudFlare, F5 Networks, Imperva, Incapsula, and Trend Micro.

You’ll get the usual monitoring and policy management, but ASC will also use information about global threats and your environment to make recommendations; that’s an interesting development! ASC will be broadly available by the end of 2016.


Guthrie said at AzureCon that there is DDOS detection built into this service.


Easier deployment of security appliances. And there’s best practices and scanning of network security groups (Extended Port ACLs in Azure). There is security alerting, that ingests data from the various partner vendors. Hadoop is analysing this data. SQL injection and DDOS attacks will appear in the alerts, maybe even pinpointing the location of those attacks.

This is a huge achievement of integrated advanced services.

N-Series VMs

This had to come – N-Series VMs can be thought of as the NVIDIA VMs, because that’s exactly what they are, VMs with GPU capabilities. GPUs are great for graphic and compute intensive workloads. N-Series will be available in preview in the coming months, and will feature:

… NVIDIA Tesla Accelerated Computing Platform as well as NVIDIA GRID 2.0 technology, providing the highest-end graphics support available in the cloud today.


I think I heard Guthrie say that N-Series has Infiniband networking.

DV2 D-Series Virtual Machines

DV2 is D-Series Version 2 virtual machines. These VMs use a customized 2.4 GHz Intel Zeon E5 v3. With turbo boost 2.0 the clock can run up to 3.2 GHz, making it 32% faster than current D-series VMs.

Other News

Some bullets:

  • The general availability of ExpressRoute for O365 and Skype for Business, as well as the ability to connect to Microsoft Azure’s Government Cloud via ExpressRoute.
  • New pricing plans for ExpressRoute. Effective Oct 1st 2015, customers will have two different data plans for their ExpressRoute connections.
  • A8-A11 VM instances will be reduced in price by as much as 60%, starting Oct 1st. They needed this – it’s been much cheaper to run big workloads in traditional hosting or on-premises.
  • Azure File Storage is GA. Whoah – it’s based on SMB 3.0!
  • The general availability of Azure Backup of application workloads … Hmm, I’m reading this in-between the lines as the start of Project Venus, and “direct” might not be “direct”.  [EDIT] It was confirmed to me that this is Project Venus, and it is not live yet.
  • Upcoming availability of Azure Resource Health, a new service that exposes the health of each of Azure resources such as Virtual Machines, websites and SQL Databases to help customers quickly identify the root cause of a problem.

Lots of stuff there to keep the Azure bigwigs busy in their AzureCon keynotes.

Microsoft News – 28 September 2015

Wow, the year is flying by fast. There’s a bunch of stuff to read here. Microsoft has stepped up the amount of information being released on WS2016 Hyper-V (and related) features. EMS is growing in terms of features and functionality. And Azure IaaS continues to release lots of new features.


Windows Client


System Center

Office 365




Microsoft News – 7 September 2015

Here’s the recent news from the last few weeks in the Microsoft IT Pro world:


Windows Server


System Center


Office 365



  • Meet AzureCon: A virtual event on Azure on September 29th, starting at 9am Pacific time, 5pm UK/Irish time.

Microsoft News 13-August-2015

Hi folks, it’s been a while since I’ve posted but there’s a great reason for that – I got married and was away on honeymoon 🙂 We’re back and trying to get back into the normal swing of things. I was away for the Windows 10 launch, happily ignoring the world. Windows 10 in the businesses is not a big deal yet – Microsoft needs to clear up licensing and activation for businesses before they’ll deliberately touch the great new OS – I’ve already had customers say “love it, but not until we get clarification”.


Windows Server



System Center

Office 365