It’s been a big year for Microsoft. Major structural decisions have forged a new path forward for Hyper-V and Azure. Let’s look back on the most significant developments of 2021 and what they mean for system administrators and IT professionals for 2022. Let’s get stuck in!
Hyper-V in 2021
Possibly the most significant thing for Hyper-V in 2021 is actually the lack of developments. This speaks volumes about the direction Microsoft wants to take with the hypervisor. Contrasting the breathtaking pace of new features in Azure with the glacial changes to Windows Server serves as a good reminder of where Microsoft’s focus is. We got Windows Server 2022, which does bring some strong security features if you run it on new bare metal.
We ran a well-attended webinar that covered all the new features, but the reality is that there really aren’t a lot of them. Microsoft’s focus is on Azure Stack HCI, which builds on Windows Server but adds new features in exchange for a monthly subscription fee based on the number of CPU cores across your clusters.
While there weren’t a whole lot of new features, Hyper-V is still a strong virtualization platform, especially when combined with Storage Spaces Direct across a cluster. Over 1.2 million page views on our Hyper-V section in 2021 show how many IT pros devour our articles on Hyper-V and its related technologies.
Azure in 2021
In contrast to Hyper-V, the pace of new features and services in Azure exploded in 2021 and apparently hasn’t been slowed down by the pandemic, rather the opposite. As businesses accelerate their digital transformation journey to the (hybrid) cloud to manage resiliency in the face of these uncertain times, Azure is growing fast, both in size and capability.
There are now (December 2021) 60 Azure regions worldwide, with announced new ones coming in Belgium and Malaysia. 23 of these regions support Availability Zones which means there are at least three separate datacenters in a single region, each with separate power, network, and cooling supply to provide redundancy should a whole datacenter experience an outage.
The biggest highlights for me over this year have been Azure Arc and Azure Virtual Desktop. Let’s look at Arc first. It’s a truly hybrid approach to cloud management, no matter where the resource is actually located. It started with servers: any VM or physical server, Linux or Windows, in any datacenter or public cloud location, anywhere (on Earth), will appear in an Azure Resource Group in your tenant if it has the Azure Arc agent installed. You can apply Azure Policy to it, control access to it with Azure RBAC, etc. But Microsoft didn’t stop with servers; they’ve expanded Arc to Kubernetes clusters, data services (Azure SQL Managed Instance and PostgreSQL Hyperscale) and SQL Server. There are also more Arc services coming. This is a truly different approach. AWS’s and GCP’s approach to hybrid is providing a rack of AWS hardware for your own datacenter (Outposts) or managed Kubernetes environments, but neither is as comprehensive as what Arc offers. This is where Microsoft’s long heritage of being in your datacenter shines; they really understand that hybrid cloud isn’t just a transition phase, it’s the destination for many businesses.
Azure Virtual Desktop
The other standout is Azure Virtual Desktop, which is Microsoft’s third crack at “here’s a virtual desktop in the cloud for your end users”. The first one was built in-house but suffered from scalability and manageability issues; the second one relied on Citrix in Azure, so it wasn’t entirely Microsoft-provided. This third iteration has nailed all the important features and had the timing just right as the pandemic swept the world. Most importantly, it’s got the security right (no open RDP ports to the internet, easily add MFA to each login), which opens the possibility of people working from their personal devices, as the data itself never leaves Azure.
Azure Virtual Desktop RDP settings
Azure Security Developments
Another powerful service that we’ll see more of over the coming years is confidential computing, and again Azure is a leader in this space. We’re all familiar with protection for data at rest (BitLocker, encrypted data in a database, etc.) and data in flight (TLS encryption for nearly everything as it traverses the network). Confidential computing brings another dimension by protecting data while it’s being processed, both from administrators (server admins and SQL DBAs) and from Microsoft’s own engineers. Both AMD and Intel have processors that support this today, with the memory of the individual processes being encrypted. Until recently you had to (re-)write your applications to take advantage of Confidential Computing. This year Microsoft unveiled full VM encryption, where you can lift and shift workloads from on-premises to the cloud and make them opaque to everyone except your trusted administrators by encrypting the entire VM memory footprint.
Microsoft 365 has had the ability to scan the content of Office files, PDFs and many other document types for sensitive data for quite a few years. You can then build DLP and Information Protection policies around the detection of different types of sensitive data and automatically block sharing or encrypt the document on the fly. Over the last year, Azure has added Purview, which brings the same “scan and find sensitive data” capability to your data storage. Databases, cloud storage and data lakes in Azure, AWS and on-premises can be scanned, and actions taken when, for instance, PII data is found.
I must also mention Azure Sentinel, now Microsoft Sentinel, as it’s turning into an amazing SIEM for small and big businesses alike. Since it’s cloud-based, it scales with your log sources, and it’s a powerful way of gaining visibility into your digital estate.
Microsoft Sentinel Dashboard
An honourable mention goes to Azure Virtual Network Manager, released in public preview in November 2021, a centralized way of managing connectivity and security rules for large estates in Azure.
It’s not all roses though. I think it’s fair to call out a couple of high-profile outages in Azure, such as the DNS issue on the 1st of April that took out large swathes of Azure and related services due to the DNS infrastructure being overloaded. There was also a large Azure AD outage in March, which (along with others in 2020) has prompted Microsoft to redesign Azure AD into much smaller cells (from 5 to 117) so that when issues happen, the blast radius is limited to a much smaller subset of customers.
What to Expect in 2022
Azure is “the world’s computer” according to Microsoft and there sure were MANY new and improved features this year. I think public cloud computing is the only way small, medium and gigantic businesses can transform digitally successfully so if you’re still holding on to your on-premises servers, 2022 is the time to get on the Azure and Microsoft 365 train before it leaves you behind.