Microsoft Build 2024 - Infrastructure Update Summary

In May 2024, Microsoft's developer event "Microsoft Build 2024" was held. With the announcement of the latest Windows AI features (Copilot+ PC) the day before the event, it served as a platform to showcase Microsoft's aggressive investment in AI, centered around Copilot.

Among the many updates and announcements, this article picks up and briefly introduces those considered important from the perspective of an infrastructure engineer^[1].

Virtual Machines: First Generation Cobalt 100 (Preview)

The first generation of Azure virtual machine series using the Azure Cobalt 100 processor has been made available (Dpsv6 / Dpdsv6 / Dplsv6 / Dpldsv6).

Cobalt 100 is an ARM-based processor designed and developed by Microsoft. Its existence was announced at Microsoft Ignite 2023 late last year, and it is now being offered as a virtual machine service for the first time. It is characterized by high energy efficiency, and the following performance improvements over previous ARM-based virtual machines have been reported:

• Up to 1.4x CPU performance
• Up to 1.5x performance for Java-based workloads
• Up to 2x performance for .NET-based web server applications
• Up to 4x local storage IOPS (NVMe Direct)
• Up to 1.5x network bandwidth

Reference Information

• Dpsv6-series sizes - Azure Virtual Machines | Microsoft Learn
• Announcing the preview of new Azure VMs based on the Azure Cobalt 100 processor - Microsoft Community Hub

Virtual Machines: ND MI300X v5 (GA)

As Azure virtual machines for AI workloads, sizes equipped with AMD's latest GPU "MI300X" are now generally available.

ND MI300X v5 series virtual machines are equipped with eight MI300X GPUs, interconnected with a total bandwidth of 896 GB/s (128 GB/s per GPU). They also support communication between virtual machines via InfiniBand, providing industry-leading infrastructure for GPU-to-GPU communication, which is particularly important in the context of High Performance Computing. Furthermore, compared to NVIDIA's H100, the 192 GB of VRAM stands out (H100 has 80 GB).

Additionally, the MI300X is optimized for generative AI (LLM) related workloads and is expected to deliver high power performance. In fact, Microsoft Copilot and OpenAI use MI300X as part of their backend infrastructure.

Reference Information

• ND MI300X v5-series - Azure Virtual Machines | Microsoft Learn
• Introducing the new Azure AI infrastructure VM series ND MI300X v5 - Microsoft Community Hub

Virtual Machines: Azure Compute Fleet (Preview)

Azure Compute Fleet, an orchestration service for virtual machines, has been released.

Spot Virtual Machines (Spot VMs) are an option to use surplus data center compute resources at a low price in exchange for guarantees on availability and execution. They are an essential element for VM cost optimization. With the Azure Compute Fleet announced this time, you can create and manage clusters that mix Spot VMs and regular VMs.

Users specify in advance the minimum number of VM/Spot VM instances they want to maintain, the sizes to be used, and the availability zones. When Azure Compute Fleet detects an eviction of a VM, it automatically recreates a VM to satisfy the capacity conditions. In this way, you can secure the necessary capacity while maximizing the cost benefits of Spot VMs.

Reference Information

• Public Preview - Azure Compute Fleet | Azure Updates | Microsoft Azure
• Announcing the Public Preview of Azure Compute Fleet - Microsoft Community Hub

Network: Change in Billing Plans for Inter-Zone Communication

Microsoft had planned to charge for communication between availability zones, but through this announcement, they have decided to maintain the current state of providing it free of charge.

This makes it easier to design architectures and implement applications following best practices (e.g., distributing workloads across multiple availability zones) without worrying about costs.

Reference Information

• Update on Inter-Availability Zone Data Transfer Pricing | Azure Updates | Microsoft Azure
• The following blog posts are useful for other transfer fees:
  • Azure networking topologies and data transfer costs estimates for architects | LinkedIn
  • Azure networking topologies and data transfer costs for cloud architects #2 | LinkedIn

Network: Integration of WAF/Firewall and Copilot for Security (Preview)

A feature to analyze Web Application Firewall (WAF) and Azure Firewall logs using Microsoft Copilot for Security has been released.

Searching through the massive amount of logs recorded by WAF or Azure Firewall is no easy task. Security personnel spend significant time on incident triage and root cause analysis. By delegating some of these tasks to Copilot for Security, it is expected that incidents can be identified and responded to more quickly. Currently, in preview, the analysis tasks that Copilot for Security can handle are as follows:

WAF:

1. Retrieve the main rules that detected attacks
2. Identify IP-based blocks and display associated WAF rules
3. Identify blocks caused by SQL injection attacks and explain the cause
4. Identify blocks caused by XSS attacks and explain the cause

Azure Firewall:

1. Retrieve top IDPS signature hits
2. Search for detailed threat profile information
3. Search for IDPS signatures across multiple firewalls
4. Generate recommendations for environment protection using IDPS features

Reference Information

• Bringing generative AI to Azure network security with new Microsoft Copilot integrations | Microsoft Azure Blog
• Azure WAF integration in Copilot for Security- Protect web applications using Gen AI
• Azure Firewall integration in Microsoft Copilot for Security

Storage: Faster Azure File Sync Synchronization (Preview)

Synchronization time between Azure File Sync server endpoints and file shares has been significantly improved.

Previously, adding an Azure File Sync server endpoint to an Azure Files file share with tens of millions of files resulted in a wait until all data was synchronized, with onboarding taking up to several days. With this update, server endpoints become available before synchronization is completely finished (folders accessed by users are prioritized for synchronization).

Reference Information

• Faster server onboarding and disaster recovery with Azure File Sync (Public Preview)
• Azure File Sync Agent v18 Release - May 2024 (Flight) - Microsoft Support

Monitoring: Log Analytics Workspace Replication (Preview)

Log Analytics workspaces now support replication of ingested logs.

When replication is enabled for a workspace, a secondary workspace is created in a nearby region. From then on, when logs are sent to the original (primary) workspace, the replicated logs are also ingested into the secondary workspace (existing logs are not replicated). Note that the secondary workspace is not recognized as an Azure resource and cannot be viewed in the Azure portal.

Reference Information

• Public preview: Azure Log Analytics enhances resilience with workspace replication across regions | Azure Updates | Microsoft Azure
• Enhance resilience by replicating your Log Analytics workspace across regions (Preview) - Azure Monitor | Microsoft Learn
• Public Preview: Log Analytics Workspace Replication - Microsoft Community Hub
• Log Analytics Workspace Replication resilience

Monitoring: Log Analytics Workspace Simple Mode (Preview)

Log Analytics workspaces now support a more intuitive way to search logs (Simple Mode).

When searching logs in a Log Analytics workspace, you use a unique query language called Kusto Query Language (KQL). While KQL is a versatile language also used in Resource Graph Explorer and Microsoft Sentinel, the fact that even creating simple queries requires a certain learning curve was a negative factor. With this update, you can easily search logs using a dropdown interface similar to Excel or BI tools.

You can switch between the traditional search method (KQL mode) and Simple mode. If a condition cannot be expressed in Simple mode, or if you want to write complex queries such as joining multiple tables, you can still use KQL.

Reference Information

• Analyze data using Log Analytics Simple mode - Microsoft Community Hub

Monitoring: Azure Monitor Pipeline Edge Support (Preview)

Azure Monitor Pipeline is a feature that allows Azure Monitor to be treated as an ETL (Extract-Transform-Load) tool. Using the pipeline, you can transform ingested data before it is stored in a Log Analytics workspace. Primary use cases include reducing data costs, filtering sensitive data, and formatting semi-structured data. In this update, Arc-enabled Kubernetes is now supported as an input source for Azure Monitor Pipeline.

Reference Information

• What's new in observability @ Build 2024 - Microsoft Community Hub
• Azure Monitor pipeline

Portal: Microsoft Copilot for Azure (Preview)

Copilot for Azure has become better at understanding Azure Resource Graph (ARG) queries.

Copilot for Azure is an AI assistant on the Azure portal that can perform various tasks. It can handle tasks such as understanding your environment, using services, deployment, and code optimization. The following official documentation lists useful scenarios along with execution examples.

https://learn.microsoft.com/en-us/azure/copilot/capabilities#perform-tasks

With this update, Copilot for Azure can now utilize ARG more accurately. It is expected that users will be able to grasp their Azure environments more easily through Copilot for Azure.

Reference Information

• What’s new across Azure Governance services, Microsoft Build 2024 - Microsoft Community Hub
• Copilot in Azure Technical Deep Dive - Microsoft Community Hub
• Microsoft Copilot for Azure overview | Microsoft Learn

Portal: Dashboard Hub (Preview)

Azure portal dashboards have been updated and expanded into a feature called Dashboard Hub.

In addition to an improved user experience, it now provides features such as quickly creating dashboards using preset templates.

Reference Information

• Public Preview: Next-Gen Dashboards Experience in Azure Portal | Azure Updates | Microsoft Azure

Tools: Deployment Stacks (GA)

Deployment Stacks are now generally available.

In Azure, resources are deployed into various "containers" such as management groups, subscriptions, and resource groups. Managing resources within these scopes is relatively straightforward if they share the same lifecycle. For example, you can apply delete locks or perform bulk deletions at the resource group level.

However, management becomes complex if resources with different lifecycles are mixed within the same scope, or if the lifecycle of some resources is changed unintentionally (e.g., through manual modifications).

Deployment Stacks address these challenges. Operating as part of the Bicep ecosystem, they allow you to group multiple resources with the same lifecycle for deployment, protection, and deletion.

Reference Information

• ARM Deployment Stacks now GA! - Microsoft Community Hub
• Create and deploy deployment stacks in Bicep - Azure Resource Manager | Microsoft Learn

Tools: Bicep Support for Microsoft Graph (Preview)

It is now possible to manage resources requiring the Microsoft Graph API (Microsoft Entra ID resources) using Bicep.

While the primary role of Bicep is to manage Azure resources using Azure Resource Manager (ARM), there are cases where you might want to manage Microsoft Entra ID resources with Bicep as well. For example, when calling an API hosted on App Service as a custom API from Logic Apps, you create two application IDs in the Entra tenant. It is extremely convenient to be able to create these application IDs using Bicep.

Internally, a Provider (Microsoft.Graph) that manages resources requiring Microsoft Graph calls exists under ARM, and this provider manages the lifecycle of Microsoft Entra ID resources.

Reference Information

• Announcing public preview of Bicep templates support for Microsoft Graph - Microsoft Community Hub
• Bicep templates for Microsoft Graph documentation | Microsoft Learn

Tools: Azure CLI / Azure PowerShell Updates

In conjunction with Microsoft Build, updates regarding the command-line tools Azure CLI and Azure PowerShell were announced. The following are the main highlights:

• Commands now support new services and features added to Azure (e.g., Azure Sphere).
• A feature (Credential Detection) that detects and displays warnings for sensitive information (e.g., environment variables, tokens, credentials) appearing in standard output is now enabled by default.
• A new login experience (Login Experience V2) that allows for interactive subscription selection is now the default behavior.
• On Windows, the default authentication method has changed to Web Account Manager (WAM).
• Added Long Term Support (LTS) releases, guaranteeing a one-year maintenance period.
• Copilot for Azure now supports Azure PowerShell as well.
• Functional improvements in GitHub Actions (e.g., support for Managed Identities, support for macOS).

Reference Information

• AzureCLI, PowerShell, Build 2024
• Protect secrets in Azure PowerShell | Microsoft Learn

Others: Azure Migrate Updates

Several updates for Azure Migrate were announced in conjunction with Microsoft Build. These include:

• Viewing the effects of applying Azure Hybrid Benefit (AHB) for Linux on the assessment screen.
• Importing SAP system workloads using CSV.
• (Coming soon) Migrating on-premises VMware workloads to Azure Stack HCI.

Reference Information

• Azure Migrate - Build 2024 Announcements - Microsoft Community Hub

Others: API Management Updates

There were many updates in API Management aimed at strengthening integration with Azure OpenAI Service.

For example, these include policies for LLM token usage to prevent surges in API usage, importing Azure OpenAI as an API, and semantic caching policies (public preview). In particular, the enhancement of load balancer and circuit breaker features is expected to increase scenarios for using API Management as a load balancer when utilizing Azure OpenAI Service.

Reference Information

• Introducing GenAI Gateway Capabilities in Azure API Management - Microsoft Community Hub

Others: Azure OpenAI Baseline Architecture in Landing Zones

The baseline architecture for building chat services with Azure OpenAI Service now supports deployment scenarios into landing zones. The architecture is published in the following official documentation:

• Azure OpenAI chat baseline architecture in an Azure landing zone - Azure Architecture Center | Microsoft Learn
• Baseline OpenAI end-to-end chat reference architecture - Azure Reference Architectures | Microsoft Learn

Reference Information

• Azure OpenAI chat baseline architecture in an Azure landing zone - Microsoft Community Hub

Others: GitHub Copilot for Azure

GitHub Copilot for Azure is an extension that helps when writing Azure-related code (e.g., Bicep, Terraform) or documentation in GitHub Copilot.

During Microsoft Build 2024, GitHub announced Copilot Extensions. This feature allows GitHub Copilot to retrieve external information on its own, providing answers with additional context. Developers can perform various tasks through the GitHub Copilot chat interface alone, without leaving the IDE or GitHub.

GitHub Copilot for Azure is a Copilot Extension for Microsoft Azure. Currently, for example, GitHub Copilot can perform the following tasks:

• Search relevant documentation (Microsoft Learn) and present the latest information.
• View resources in your Azure subscription using Azure Resource Graph (ARG) and provide advice based on the deployment status.

Reference Information

• Introducing GitHub Copilot for Azure: Your Cloud Coding Companion
• Introducing GitHub Copilot Extensions: Unlocking limitless possibilities with our ecosystem of partners - GitHub Blog
• Better together build and deploy to Azure with GitHub | BRK180 - YouTube

References

https://build.microsoft.com/en-US/sessions

https://news.microsoft.com/build-2024-book-of-news/

脚注

1. Simply saying "infrastructure engineer" covers a very broad range, so strictly speaking, it is more accurate to say "I picked up things that seem relevant to my work as a cloud infrastructure engineer." ↩︎