Microsoft has released multiple security updates in last Patch Tuesday. One off them fixes a high risk vulnerability (CVE-2021-38647) Also know as OMIGOD. This vulnerability can be used remotely, so exploitation is expected soon.
This flaw doesn’t directly affect Windows at all, because it’s a bug in Microsoft’s open source Open Management Infrastruture (OMI) tool that is designed for Linux in general, and for Azure-hosted Linux servers in particular. However, a lot of resources in Azure do use it
A brief overview
Simplified, OMI is Microsoft’s Linux based answer to WMI, that sysadmins use to keep managing their Windows Networks.
Like WMI, the OMI code runs as a priviliged process on your servers so that sysadmins, and system administration software, can query and control what’s going on, such as enumerating processes, kicking off utility programs, and checking up on system configuration settings.
Unfortunately, cyber criminals love WMI/OMI like we sysadmins do.
Sadly, OMIGOD is an OMI bug that, in theory, offers criminals the same sort of distributed power over your Linux servers…
Microsoft has announced SSD bursting capabilities. This means that Premium SSD disks can achieve higher peak loads than the maximum IOPS with a new maximum of 3500 IOPS and a bandwidth up to 170 MiB/s. Together with this announcement Microsoft also announced new disk sizes (4, 8 & 16 GiB)
With the new bursting disks you can achieve up to 30 times the provisioned bandwidth, which will give better performance for spiky workloads. Disk bursting is based on a credit system. You will receive bursting credits when traffic is below the provisioned limit. Let me try to explain it using a simple chart.
Today I was browsing the Azure Management portal and discovered that Microsoft Azure released a new virtual machine series based on the AMD EPYC 7452V processors that can achieve a boosted 3.35Ghz. With these new AMD processers there are 4 new series available in Azure: Dasv3-series, Dav3-series, Easv3 and the Eav3-series
Same performance, lower price!
With almost the same performance as the DSv3 and Dv3 series Intel virtual machines, these machines might be an interesting choice, especially if we do a price comparison, just 2 examples:
Price per month
If we look at the above pricing, there is a 234% price difference between AMD and Intel. I know, its not a perfect 1 on 1 comparison, but for the same price, you get the double amount of cores, and memory…
With an increased security and privacy in mind Microsoft has been working on private links to Azure resources. Azure Private Link is a secure way to consume Azure Services like Azure SQL and Azure Storage using a private connection in your own VNet. This will replace the need for IaaS hosted virtual machines with SQL Server or the file server role installed.
Azure Private Link brings Azure services inside the customer’s private VNet. The service resources can be accessed using the private IP address just like any other resource in the VNet. It is basically an NIC inside one of your VNET’s. This will allow all traffic to flow over the internal network, and will not go over the internet. There is no need to put gateways or any other network devices in place to make this happen.
For very high demanding workloads, storage wise, Azure has released Ultra Disk performance tier for production use. I’ve already written about it in a previous post ( Slow IOPS in Azure VM’s? not anymore!) But now is the time to take a deeper look.
Which disk types do we have in Azure?
In the following table you can see what the difference is between all disk types in Azure. This table should help you to decide which disk to use for specific workloads.
Last week I received the question from a customer where to get the SQL license key… By default you will see the key during SQL installation, but with an Azure deployed SQL virtual machine you will never get to see the key, as its deployed from the Azure Portal.
Retreive the key from DefaultSetup.ini
So within a few clicks you will be able to retreive the key.
Today Microsoft has announced Azure Bastion. With this new service you will get improved security features and simplified IT managemend with a single click from your webbrowser using the HTML5 web client. This will eliminate the need for a jump server. I am looking forward in using this service in preview and GA.
— UPDATE 31-12-2019 — New disk sizes P1-P3 & E1-E3
In Azure there are several ways to implement your VM storage. I get a lot of complaints about slow storage in Azure. In this article I will try to explain why this might be slow, and what you can do about it. There are multiple locations where the limit might be hit. So I will address all in the following topics.
Virtual machine type
The first limitation might be coming from your virtual machine. Each type has its own total IOPS limit. Thus by adding more disk or faster disk than the type and size allows will not make any speed difference in the end. One of the obvious reasons for faster disk performance is to use SSD disks instead of HDD.
But keep in mind, not all virtual machines do support Premium SSD Storage, with an effective limit of 500 IOPS per disk, like in the Av2 series. And then there is host caching, that effects performance as well. A few examples:
Today we will learn how to deploy Azure AD Domain services. So let’s go to the Azure portal and let’s get you started!
Step 1: Go to Azure AD Domain Services and create a new Azure AD Domain services!
Step 2: Now we can start te setup of ADDS, fill in your preferred domain name. You can leave the default which is the same as your Azure Active Directory name ending with .onmicrosoft.com, but I would recommend a public URL like in my case adds.2azure.nl.
Recently I received an comparison from Azure with competitors. In the comparison there was stated that by default Azure provides an SLA of 99.95%. However, this is not entirely correct. By default a single basic virtual machine has no SLA at all!
I hear you thinking, what??? let me explain what the options are. First we need to know a bit more of the setup in Azure. For this explanation I will use West & North Europe. These regions do have Availability zones, but this might not always be the case. In the picture below you can review the Azure regions with their options.
So lets zoom in a bit further. In the picture below we have our 2 regions (West & North Europe). Within Region 1 we have 3 separated buildings, creating 3 availability zones.