Azure Infrastructure Weekly Update – 3rd February 2023

Hey everyone, welcome to this week's Azure Infrastructure update. It's the 3rd of February, and there are a few really cool updates this week. As always, I have the chapters so you can jump to any particular update you care about the most. For new videos this week I took a little detour. I'm still updating the Azure master class to the V2, but I did a dive into how encryption works when you're viewing this video. What are the different types of encryption? How is it negotiated? I have a secret shared over the Internet.

I go into all of that in that video. And then I talked about XOR a whole bunch of times in the encryption video, so I thought I'd better go back and explain, just for those who maybe have not seen it, what XOR really means. So onto the new updates. For compute, AKS now has in GA the Free and Standard tiers. Now this relates to the control plane. With Azure Kubernetes Service, the control plane, that's things like the API server, the etcd stateful database, the scheduler, the various controllers, they're all managed, and it's those things that this Free and Standard applies to.

So with Free, it's free, but there's no SLA to that control plane, whereas with Standard I get an SLA for the control plane. Additionally, on that control plane it supports up to 5000 nodes. It autoscales that API server based on the workload, and it'll also use availability zones where it can to distribute, to make it more resilient. If I'm a production workload using AKS, I probably want to use the Standard tier, but obviously that does imply it's not free. There is a certain cost you pay for that. It does not affect the actual functionality of Kubernetes itself. Your node pools work exactly as they did before.

Then for Azure Functions, there's now Node.js 18 support just in GA, so that's now an option I can leverage in my applications. And then Durable Functions has some new storage backends. If I think about normal functions, they're serverless, they're event driven. Something happens, it does its job, and it goes away. Well, the durable function is more long lived and there's some stateful element to it.

There's various patterns like maybe I fan out to do various jobs and then I come back in and aggregate the results from those. It could be I need some manual human interaction as part of that flow. I might be chaining multiple functions together. I might have a function that's watching something else. All those patterns, it's a longer lived function and it has some state that has to be maintained.

So for Azure Functions, there's various storage providers that I can leverage. Azure Storage is still there; that's really the original storage provider. It's very simple to use, it's very cheap to use. But what they've also added is two new ones. I can use SQL Server. Obviously, the benefit of SQL Server is it's available anywhere, and I have great fidelity and control over that service. But also it supports Netherite. So Netherite is from Microsoft Research.

It's a combination of Event Hubs and page blobs and it gives this phenomenally high throughput. So now we have these three options. I can still use Azure Storage, super simple. I can use SQL Server: hey, it's available anywhere, I have great control. And I have this Netherite, which is just phenomenally high throughput. So I can use all of those with my durable functions.

On the storage side, I can now copy append blobs (I can only add things to the end of the blob) and page blobs (great for random access) to block blobs and then leverage tiering. So with block blob, I have tiers. I have the hot, the cool, and the archive, and the archive is very attractive because it's super cheap, but it's not available in real time. I have to bring it out of archive back into a cool or hot tier. But archive is not available for my append and page blobs. So what I can now do is copy my append or page blob to a block blob into archive, for example, to take advantage of that much cheaper long-term storage. If I need to use it again I can copy the other way. So as part of my copy of a block blob I can use a destination blob type parameter to say, hey, I need to copy it into a page blob or copy it into an append blob, so I can go back the other way as well. This is a really nice option if I just need to, hey, keep the page blob or keep the append blob as cheap as possible. I could now copy it to block blob and store it in archive.

On the miscellaneous side, Chaos Studio has a number of updates. Remember, Chaos Studio is there to help me fake or emulate certain types of failure. This could be failure of a node, it could be failure of an entire availability zone. It could be, hey, I'm going to spike the CPU. I'm going to do various types of experiments and see what happens to the architecture that I've deployed. Well, it now has service tags, so service tags can now be leveraged as part of my network security groups to control the inbound and outbound flow from the service. It can now inject into a virtual network so it can interact with resources that don't have a public endpoint. So I've got some resource like a storage account that's using a private endpoint in a virtual network. Well, now Chaos Studio can also inject into the VNet to interact with that private endpoint. It has dynamic targeting of resources for things like virtual machine scale sets. What that means is I could now have a filter as part of my targeting that only targets particular availability zones. So hey, I just want to target all of the VMs in this VM scale set that are in AZ 2. And I can also emulate certain types of Key Vault failure.

So hey, the certificate is disabled, maybe there's a new version I'm denied access to. Different types of things I can add to my experiments to emulate different types of failure.

Azure AD cross-tenant sync. So this is all about the idea that we're used to B2B: I can add a guest into my Azure AD. So if we think that, hey, I've got two Azure AD tenants, and I want to be super clear, the scenario we're talking about is we have two tenants, but they're part of the same organization. There's been some acquiring of another company, so I want tighter integration. This is not geared towards some external company.
