What is Microsoft Azure IaaS missing at this point?

Well, this might be a bit of a misleading blogpost, and it is not aimed at critizing Azure, but mearly a post which aims to look at what I feel that Microsoft IaaS Azure is missing at this point. Now even thou Microsoft is doing alot of development work on Azure, much of it is focused on Azure AD (No wonder since they have like 18 billion auths each week) but still there is work to be done on the IaaS part.

With the late introduction of  Azure Resource Manager https://msandbu.wordpress.com/2015/05/22/getting-started-with-azure-resource-manager-and-visual-studio/

Azure DNS https://msandbu.wordpress.com/2015/05/08/taking-azure-dns-preview-for-a-spin/

Introduction to Containers on Azure http://azure.microsoft.com/en-us/blog/containers-docker-windows-and-trends/

Storage Premium and such https://msandbu.wordpress.com/2014/12/17/windows-azure-and-storage-performance/ https://msandbu.wordpress.com/2015/01/08/azure-g-series-released-and-tested/

So what is missing ?

  • Live Migration of Virtual Machines when doing Maintance on hosts:  The concept of setting up Availability Set (meaning setting up 2x of each virtual machine role is not very sexy when trying to persuade SMB customers to move their servers out to Azure) and In some cases, like RDS session hosts which are statefull which might be a bit pain if one host suddenly reboots
  • 99,9% SLA on Single Virtual Machine instances (Again reference to point 1) While this used to be an option, it was quietly removed during 2013…. While some of the competition has SLA for running single virtual machine instances/roles, Microsoft does not. Or maybe have a customizable maintance window.
  • Better integration of On-premises management, While VMM now does have an option to integrate with Azure it is missing some feature to make it better such as deployment from Azure https://technet.microsoft.com/en-us/library/mt125377.aspx 
  • Scratch the old portal and be done with the new one! Today some features are only available in the old portal such as Azure AD, while some features are only available in the new portal. This is just confusing. I suggest that you get done porting the old feature into the new one and then start creating new features / capabilities in the new portal.
  • Better use of Compute ( For instance being able to customize virtual machines sizes, while I know that having pre-defined size gives better resource planning, but in some cases customers might need just a 2vCPU and 8 GB ram and paying that small extra for 4 vCPUs (while it is not needed) should not be necessery.
  • Less limitations on Network capabilities, while it has improved there are still some limitations which in fact limit network appliances on Azure (such as Netscaler which can only operate with 1 vNIC in Azure) yes I know that having multiple vNICs is supported but it is randon which does not work very well with network appliances) Same with the ability to set Static MAC adresses, this is because a lot of network appliances using MAC based licensing
  • Central management of backup (While Backup Vault contains alot of information and some of the capabilities in still in Preview, I would love to have a single view which shows all backup jobs, also give the Azure Backup some capabilities to jump onto Exchange, SQL and Hyper-V) and also include support for DS-series!
  • Iaas V2 VMs also are quite the improvement and moving away from use of cloud Services, there are alot of limiations here towards the other Azure services. Such as that it does not support the Azure Backup Service, and that there are no plans to give a migration option from V1 to V2 VMs.
  • Azure DNS give it a web-interface! while PowerShell is fun and makes things alot easier, sometimes I like to look at DNS zones from a GUI
  • Support for BGP on VPN Gateways (Which allow for failover between different VPN tunnels, same goes for providing suppor for multiple-site Static VPN connections.
  • IPv6 support!
  • Support for Gen2 and VHDX format. Now Microsoft is pushing Generation 2 virtual machines and the new VHDX format, Azure should support this as well. This would make things alot easier in a hybrid scenario and make it alot easier moving resources back and forth
  • Azure RemoteApp while it is a simple of good product there are some things I miss, such as full desktop access (most of our customers want to have full desktop access) and remove the limitation of 20 users minimum, this is a huge deal breaker for SMB customers in this region.
  • Console Access to virtual machines (In some cases while RDP might not be available for some reason, we should have an option to get into the console of the virtual machine)

Now what is the solution to getting all this added to Azure? us of course!

The best way to get Microsoft’s attention to add new features and capabilities into Azure is by either posting feedback on this site or by voting up already existing posts http://feedback.azure.com/forums/34192–general-feedback

Much of the newly added capabilities, originates from this forum.

Wire Data in Operations Management Suite

Microsoft finally released a new solutions pack to Operations Management suite the other day, which I have been waiting for since Ignite! WireData!!!

This is an solution pack that gathers meta data about your network, it requires a local agent installed on your servers as with other solution packs but allows you to get more detailed information about network traffic happening inside your infrastructure.

So if you have OMS you just need to go into the solution pack and add the wire data pack


But note that after adding the solution pack It need a while to gather the necessery data to create a sort of baseline about the network traffic.


After it is done it groups together the communication that has happend on the agents to see what kind of protocols that are often in use


For instance I see that there is alot of Unknown traffic happening on my agent, I can do a drill down to see more info about that particular traffic. Then I can see in detail where the traffic is going


I can also do a drill down to se what kind of process is initiating the traffic going back and forth. Something I would like to see in this, is the ability to add custom info, lets say for instance if I have a particular application running which uses some custom ports and processes I would like to add a custom name to that application so It can appear in the logs and in the overview.

Other then that it provides some great insight in what kind of traffic is going back and forth inside the infrastrucutre, and Microsoft has added some great common queries.


Setting up Microsoft Azure and Iaas Backup

Earlier today Microsoft announced the long awaited feature which allows us to take backup of virtual machines directly in Azure. Now before today Microsoft didn’t have any solution to do backup of a VM unless doing a blob snapshot or some third party solution. You can read more about it here –> http://azure.microsoft.com/blog/2015/03/26/azure-backup-announcing-support-for-backup-of-azure-iaas-vms/

The IaaS backup feature is part of Azure Vault, and is pretty easy to setup. Important to note that enabling the backup feature requires that Azure installs an guest-agent in the VM (So therefore they require to be online during the registration process) and note that this is PR region.

So now that when we create a backup vault we get the new preview features. (Firstly we can also create storage replication policies)


Now in order to setup a backup rutine we first need to setup a policy, which define when to take backup.


Next head on over to the dashboard, first the backup vault needs to detect which virtual machiens it can protect (so click Discover)


So it find the two virtual machines which are part of the same sub and in the same region.


NOTE: If one of your virtual machines are offline during the process the registration job fails (so don’t select VMs that are offline or just turn them on) Now after the item has been registrered to the vault I can see it under protected items in the backup vault



Now after this is setup I can see under jobs what VMs that are covered by the policy


So when I force start a backup job I can see the progress under the jobs pane


I can also click on the JOB and see what is happening.


So for this virtual machine which is a plain vanilla OS image took about 22 min, and doing a new backup 1 hour later took about the same amount of time, looks like there is not a incremental backup.


So when doing a restore I can choose from the different recovery points


And I can define where to restore a virtual machine to a new cloud service or back to its original VM


Citrix XenMobile and Microsoft Cloud happily ever after ?

There is no denying that Microsoft is moving more and more focus into their cloud offerings, even with solution such as Office365, EMS (Enterprise Mobility Suite) and of course their Azure platform.

EMS being the latest product bundle in the suite gives customers Intune, Azure Rights Management and Azure Active Directory Premium. So if a customer already has Office365 (their users are already placed with Azure AD and can then easily be attached to EMS for more features)

We are also seeing that Microsoft is adding more and more management capabilities against Office365 into their Intune suite (Which is one of the keypoints which no other vendors have yet) but is this type of management something we need ? or is it just to give it a “key” selling point?

Now Microsoft has added alot of MDM capabilities to Intune, but they are nowhere close to the competition yet. Of course they have other offerings in the EMS pack, like Azure Rights Management, which are quite unique on the way it functions and integrates with Azure AD and Office365. As of 2014 Microsoft isn’t even listed on the Gartner quadrant for EMM (which they stated would be the goal for 2015)

But it will be interesting to se if Microsoft’s strategy is to compete head-to-head on the other vendors or if they wish to give the basic features and dvelve more into the part of Azure AD and identity management across clouds and SaaS offerings.

Citrix on the other hand, have their XenMobile offering which is a more complete EMM product suite (MDM and MAM, Follow me data with Sharefile, and so on) Now Citrix has a lot of advantages for instance over using Sharefile against OneDrive.  Sharefile has encryption of data even thou it is locally and running on a sandboxed application( on a mobile device), while the only option that OneDrive has is using as a part of Rights Management Service (of course OneDrive has extensive data encryption in-transit and at rest https://technet.microsoft.com/en-us/library/dn905447.aspx

Citrix also has MicroVPN functionality and secure browser access running VPN access using Netscaler, while Microsoft also has a secure browser application which is much more limited to restricting which URLs to open and what content can be viewed from that browser.

So from a customer side you need to ask yourself.

  • what kind of requirement does my buisness have?
  • Do I use Office365 or a regualr on-premise setup?
  • Do I need the advanced capabilities ?
  • How are my users actually working ?

Is there a best of both worlds using both of these technologies ?

While yes!

Now of course there are some feature that overlaps using Offic365 and EMS + XenMobile, but there are also some features which are important to be aware of.

* Citrix has Sharefile storage controller templates in Azure (Meaning that if a customer has an IaaS in Azure, they can setup a Sharefile connector in Azure and use that to publish files and content without using OneDrive)

* Citrix has a Sharefile connector to Office365 (Which allows users to use Sharefile almost as a file aggregrator for communicating between Office365 and their regular fileservers) which allows for secure editing directly from ShareFile.

* Citrix XenMobile has alot better MDM features for Windows Phone that Intune has at the moment.

* Azure AAD has a lot of built-in SSO access to many of Citrix web based applications (Sharefile, GTM, GTA and so on) since users are already in Azure AD premium it can be used to grant access to the different applications using SSO)

* Netscaler and SAML iDP (If we have an on-premise enterprise solution we can use the Netscaler to operate as an SAML identity provider against Office365 which allows for replacement for ADFS which is required for full SSO of on-premise AD users to Office365

* Office365 ProPlus with Lync is supported on XenApp/XD with Lync optimization pack (Note that this is not part of XenMobile but of Workspace suite)

* Netscaler and Azure MFA (We can use Azure MFA against Netscaler to publish web based applications with traffic optimization)

* Netscaler will also soon be available in Azure which allows for setting up a full Citrix infrastructure in Azure

But in the future I would be guessing that Microsoft is moving forward with the user collaboration part, it is going to become the heart of identity management with Azure AD directory and rights management, while Citrix on the other hand will focus more and enabling mobility using solutions like EMM ( MAM ) and follow me data aggregator and secure file access and devices. Citrix will also play an important part in hybrid setup using Netscaler with Cloud bridge and as an identity provider on-premise

Upcoming events and stuff

There’s alot happening lately and therefore there has been a bit quiet here on this blog. But to give a quick update on what’s happening!

In february I just recently got confirmation that I am presenting two session at NIC conference (Which is the largest IT event for IT-pros in scandinavia) (nicconf.com) Here I will be presenting 2 (maybe 3) sessions.

* Setting up and deploying Microsoft Azure RemoteApp
* Delivering high-end graphics using Citrix, Microsoft and VMware

One session will be primarly focused on Microsoft Azure RemoteApp where I will be showing how to setup RemoteApp in both Cloud and Hybrid and talk a little bit about what kind of use cases it has. The second session will focus on delivering high-end graphics and 3d applications using RemoteFX (using vNext Windows Server), HDX and PCoIP and talk and demo abit about how it works, pros and cons, VDI or RDS and endpoints so my main objective is to talk about how to deliver applications and desktops from cloud and on-premise…

And on the other end, I have just signed a contract with Packt Publishing to write another book on Netscaler, “Mastering Netscaler VPX” which will be kind of a follow up of my existing book http://www.amazon.co.uk/Implementing-Netscaler-Vpx-Marius-Sandbu/dp/178217267X/ref=sr_1_1?ie=UTF8&qid=1417546291&sr=8-1&keywords=netscaler

Which will focus more in depth of the different subjects and focused on 10.5 features as well.

I am also involved with a community project I started, which is a free eBook about Microsoft Azure IaaS where I have some very skilled norwegians with me to write this subject. Takes some time since Microsoft is always adding new content there which needs to be added to the eBook as well.

So alot is happening! more blogsposts coming around Azure and Cloudbridge.

New book project, Azure IaaS free ebook

This is something that I have been thinking about for some time, since I have written two books for publisher in the last year. Now and I saw that when writing the books that much of the stuff I wrote about became outdated pretty fast after the books were released.

So therefore I came up with an idea, what if I wrote it as an ebook and was responsible for the distribution myself ? This would make it alot easier to keep it up to date since I didn’t need to have a publisher to keep “control” over the source, and since it is only in ebook form I can easily update the content to keep it “up-to-date”

So therefore I present my current ebook project,

Azure – IaaS Getting started

this book will cover the basics about the most, but will deep dive into the IaaS features of Azure. I am about 20% in the writing process so it is not ready for release yet, since I’m only one guy.

If you are above average skilled in Azure and want to contribute to the writing process, please get in contact with me on msandbu@gmail.com my whole goal with this book is to make it easier to get the “whole” picture of Azure and having up to date content.

So stay tuned for the release!

Pricing difference between vCloud Air and Microsoft Azure

Now lately I’ve seen alot of blogpost talking about how cheaper one of them is compared to the other. Now most of the time I don’t read them as much, but this time I’ve decied to write a post about it to do a comparison.

Note I am not being prejudice even if I have a MVP logo, I’m trying to get a clear picture of what the pricing actually is. If anyone has any feedback to this post I would really appriciate getting feedback in the comment field below.

For the comparison I’m going to show difference between Virtual Private Cloud offering from Vmware and Virtual Machines from Microsoft Azure.

First of Virtual Private Cloud offering from Vmware is more of a cloud container you gain access to a set of resources and you define yourself what you want to do with those resources, while Microsoft Azure is based upon virtual machines, you have a predefined size based upon the template.

So let us define for this example that we have 5 virtual machines with 2 GHZ each and 4 GM RAM. (Note there are no sizes in Azure that are the equal size so I’m going with Medium based instances which have about 3,5 GB RAM and 2x 1,6 GHZ) and I’m only comparing with the information that I can find on the vendors websites.


First of Virtual Private Cloud from VMware has an 99.9% SLA for virtual machines
Microsoft Azure has 99,9% SLA for single virtual machines and 99,95% for multiple role instances. (NOTE: f you deploy a single VM instance within an availability set, you will receive no advanced warning or notification of platform maintenance)

Other features:

The base configuration from Virtual Private Cloud from Vmware contains

10 GHz
2 TB of Standard Storage

10 Mbps of Bandwidth (this is official bandwidth for connections out of the data center)

2 Public IP Addresses + support

This is for the price of €727 a month. So for this I can configure 5 virtual machines with 2 GHZ and 4 GB of RAM each and with ~400 GB of disks each.

From Azure I can configure 5x Medium virtual machine instances (Linux based since I don’t want a licensing discussion here)

This will cost about €332.44 a month, and for 2 TB of storage for page blobs is about €74.47 a month. (Locally redundant) + Support which is €223.41 a month (Note that since the support is so different from the vendors, I will choose to exclude it from the price comparison) Public Ip addresses are given from a cloud service and can be one or more adresses. I also need to add storage transactions since all IO to the Blob storage is considered a transaction. So 200 million storage transactions each month equals to €7,45 a month

I also need to define bandwidth usage, for Azure I can define the bandwidth usage to for instance 100GB which costs about €8.49 a month(Note that this bandwidth cost is for US + Europe egress) (Vmware does not charge for data transfer). This sums up to €422,5 euro a month.

Performance: Principled Technologies did a test on virtual machine instaces on both Azure and Vmware and they concluded that the CPU performance is about 2x the performance in vCloud compared to Azure (Note that this is pr vCPU)


Which means that if we have 10 GHZ in vCloud (We would need atleast 20 GHZ in Azure to have the similiar performance CPU-wise)

vCloud Air Azure
10 GHz
2 TB of Standard Storage

10 Mbps of Bandwidth
2 Public IP Addresses

5x Medium Instances =
2 x 1.6GHz CPU * 5 = 16 GHZ
2x 3,5 GB RAM * 5 = 17,5 GB
2 TB Page blobs
200 Million storage transactions
100 GB Bandwidth usage
Cloud services public adresses
€644 each month €422,85 each month

Note that this price for Azure is if we use the virtual machines 24/7, we use all 2 TB of storage, we use all the 100 GB bandwidth. If we do not use this much the cost each month will be lower. NOTE: All medium instances have 200mbps bandwidth)

Now, both of them have other options for prepaid 12 months options since this is a cheaper option I going to add them to the option in the table.

Prepaid 12 Month Vmware Prepaid 12 Month Azure
€8,203 (Where €8724 is normal) cost €3805 (€5074 is the normal cost)

Its clear to see that Azure is cheaper over the long run, since it has a really good discount when buying for certain amounts prepaid. http://azure.microsoft.com/en-us/offers/commitment-plans/

But it does not perform as well as Vmware. If we were to compare performance/cost we would have another calculation. Since as I mentioned we would need atleast twice the amount of CPU power to be able to have the same amount of performance and in this case I would need to add another virtual machine instance.

vCloud Air Azure
10 GHz
2 TB of Standard Storage
6x Medium Instances =
~20 GHZ
€644 each month €489.33 each month

This takes the CPU/memory calculation in the mix but it does not say anything about storage performance. Note that Azure Datadisks for medium instances have max 500 IOPS. (While a storage account can have up to 20.000 IOPS) and the maximum size of a blog disk is 1 TB. And Medium instance can have up to 4 Datadisks and therefore a max amount of 2000 IOPS.

Now as I see it, we can’t compare these two solutions equally. So it is not an apple vs apple comparison. vCloud has the flexibility that you “purchase” a bunch of resources and you can form and mold them as you want. It has better performance since it is mostly a IaaS platform, while on the other hand you have Azure which has different forms and shapes that you can purchase depending on what the customers needs.

Also important to note that vCloud Air (Is as I have read about) that it is priced upon recourses you buy, not what you use so If you have bought 10GHZ and only use 50% you still need to pay the same amount, while Azure is based upon what you use.

Also the options around the ecosystem is also completely different. So I appriciate any feedback here! If I have done a wrong calculation or if statements are wrong.