New Azure Improvements Include 'Key Vault' Service
- By Kurt Mackie
- January 09, 2015
Microsoft this week rolled out multiple improvements to its Azure cloud platform, including a preview of a new cloud-enabled security management service called "Azure Key Vault."
Azure Key Vault, which became available in preview on Thursday, connects with hardware security module appliances hosted in Azure datacenters. The service is designed for managing cryptographic keys and passwords (called "secrets" by Microsoft) that are used for application access. It also can be used to support bulk data protection approaches, such as the Azure Rights Management Service, which lets organizations specify file-level access protections.
A blog post by Dan Plastina, group manager for Microsoft Rights Management, described the Azure Key Vault service as "the public incarnation of our 18-month old Azure RMS bring-your-own-key (BYOK) offering, which is in worldwide production and underpins Microsoft Office 365." As Azure Key Vault, though, the service is still at the preview testing stage.
Azure Key Vault is based on hardware cryptographic modules that follow the Federal Information Processing Standard (FIPS) 140-2 Level 2 approach for security, as well as the Common Criteria EAL4+ certification. Microsoft views it as a way for organizations to facilitate the encryption of data, the signing of certificates used for application access and the protection of passwords or blobs of data (so-called "secrets"). It's designed for use by IT pros managing access to custom business applications, as well as developers building security into applications.
Microsoft claims that Azure Key Vault can speed up application access by avoiding the round-tripping associated with using traditional premises-based hardware security module appliances. The service also can be configured "in minutes," according to Microsoft's general Azure announcement.
This preview release includes support for a SQL Server Connector, allowing SQL Server databases running in Azure virtual machines to be protected by Azure Key Vault. It also includes support for CloudLink's SecureVM solution.
Microsoft's announcements suggest that Azure Key Vault can help with the scalability demands of applications. It's currently accessible via Azure regions located in "East US, North Central US, North Europe, West Europe, East Asia, and Southeast Asia." However, Microsoft plans to expand the available service areas. Microsoft also plans to add usage logs to the service that can be used to track "key use and management operations" in a future release, although that feature isn't a part of this preview release.
Azure VM G-Series
In other Azure news, Microsoft on Thursday announced that its G-Series for Azure Virtual Machines has hit "general availability" status, meaning that Microsoft now considers it ready for production environments. The G-Series, which is Azure's most robust Virtual Machines service with VM sizes of up to 32 cores, 448GB of RAM and 6.59TB of solid-state disk drive space, had its debut back in October. The service taps Intel's latest Xeon E5 v3 processors.
Microsoft considers its G-Series to be suitable for handling big applications, such as relational database servers (MySQL and SQL Server) and NoSQL databases (Cassandra, Cloudera and MongoDB), as well as "Big Data" types of solutions.
The G-Series is available only in the Azure West U.S. region right now, but Microsoft is planning a service area expansion. The pricing of the service ranges from $0.67 per hour up to $9.65 per hour, depending on the configuration selected.
Docker on Ubuntu
Microsoft also announced Thursday that it has put an image of Docker integrated with Linux-based Ubuntu Server up on its Azure Marketplace. The Azure Marketplace is a kind of gallery of prebuilt applications that Azure users can opt to use. Azure users can now use the Azure preview portal to add this Docker image to a virtual machine.
Microsoft cautions that getting the Docker on Ubuntu Server image requires using Microsoft's preview portal for managing Azure. It used to require having a VM extension in place to get Docker on Ubuntu Server, but now that's just another deployment option, according to Microsoft's Azure blog post on the topic. The blog post includes a guide on how to add it.
Docker is open source container software that's designed to facilitate running applications. Microsoft had announced Azure support for Docker back in June.
SaaS App User Provisioning
Microsoft turned on an Azure preview feature in late November called "customer attribute mapping for SaaS apps." It allows users to apply Azure Active Directory attributes to other applications. For instance, it can be used to associate Azure Active Directory phone numbers with the Salesforce.com customer relationship management service. Doing so allows Salesforce.com users to have access to other users' phone numbers, according to Microsoft's description. While the feature was released as a preview a few months ago, Microsoft didn't describe it until this week. It's a "very highly requested" feature, according to Alex Simons, director of program management for Microsoft's Identity and Security Services Division.
Azure RemoteApp Pricing
Microsoft released its Azure RemoteApp service as a commercial product back in December. Azure RemoteApp lets organizations remotely access applications that run on Windows Server 2012 R2 VMs in Microsoft's cloud-based datacenters. The pricing for Basic and Standard plans was announced back then at $10 and $15 per user per month, respectively.
On Thursday, a Microsoft cloud news blog post noted that Enterprise Agreement pricing for the Azure RemoteApp service has been available since Jan. 1, 2015. Microsoft also plans to make the service available via Enterprise Agreements starting on Feb. 1, 2015.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.