At first glance, Microsoft's annual TechEd conference has been all about cloud this year, with the announcements being new features and services on Azure rather than new versions of its server products. But many of the new Azure services are designed for companies who are still using on-premise servers, Azure technical fellow Mark Russinovich told TechRadar.
The new ExpressRoute service, which connects your servers directly to Azure via an MPLS provider like BT rather than over the public internet, is only useful when you have servers in your company that you want connected to Azure over a fast link.
The same is true of the new reserved IP addresses that guarantee that what you're running on Azure will show up on the same IP address. "When you talk about being able to talk to a site from your own environment and not wanting anyone else to talk to it, that's one way to do it," explains Russinovich. "You can reserve an IP address and add it to your routers and set the access controls so the traffic from Azure can only come to you."
Or take the Azure file storage service, which lets you treat cloud storage as if it was a NAS or a file server you connect to on your local network using familiar SMB. It was the team building the web site services for Azure that originally asked for it, because file shares were the way they distributed website code between servers for failover and setting those up on Azure was a lot of work.
"They told us they needed a file share. 'Why do we need to create virtual machines, turn on file sharing and figure out failover for them just because we want to share files between the servers?' They had to either rewrite their infrastructure to not share files that way or pay this management and configuration burden of creating these servers that have file sharing in the traditional server sense. And many of the people writing web sites wanted the same things. Now it's just file sharing as a service."
That means if you have applications that use a file share, you can easily move them to the cloud. But it's also useful if you're taking advantage of the new developer feature that lets you run a Windows client on Azure for the first time, for building and testing software, because you can build and test apps that will work with a file share when you run them on your own systems. In fact, points out Russinovich, "Anything where we talk about hybrid cloud is actually focused on on-premise customers; Azure site recovery is completely focused on them."
The way that works is that if your entire site goes down, you can switch over to working on Azure immediately because the site recovery service puts a copy of all your workloads and data up there and keeps it up to date automatically. "Today what I need to do to make a highly available disaster recovery service that's resilient to failure is I have to go to my boss and say we need to get hosting and we need to buy servers there and we need to configure the network for them and that's just the first steps for a disaster recovery system which we're not going to use very often but we will pay the cost of having ready to go constantly. Or I can use Azure where I can spin it up quickly and I'm only paying for storage which is really cheap."
There are also new features in Azure Active Directory, the service that connects you to Office 365. The premium version can tell you if any of your PCs are showing up as being part of botnets detected by Microsoft's security team, for example. "We're able to correlate security events," Russinovich explains, "so we have Office customers who are being attacked and our telemetry will tell us what's going on. If they're getting spear phished, we can divert those messages into junk mail folders so the users don't even see them."
Azure Active Directory Premium includes a preview of a new service that Russinovich hopes will "help IT get a handle on this shadow IT thing" by finding out which cloud services users are sending data to. "We're trying to give them the control without getting in the way of the users because if we get in the way of the users they will just bypass them – and if your users are bypassing you they're creating problems for you." The idea isn't to find cloud storage like Dropbox and turn it off; it's to find out about it so you can manage it. "IT is in the business of managing credentials and securing them properly but when it comes to cloud services, business managers are storing these things, losing track of them, putting them in spreadsheets... Once IT discovers them, they can say 'we need to help you manage those credentials, because if you don't we're putting the whole business at risk'."