 Hello everyone and welcome back to another episode of wired for hybrid We are in August August 3rd to be exact recording we're covering July and we've Lately been more on the later the month or very early the next month, but we still call it the July edition because Dates come up until the last week of July or the last week of the month So we don't want to miss anything and that's why we're a little bit Even though publishing in August, but it still covers July How you doing Michael? I am doing awesome. How about yourself? I'm great. Just had a nice Conference couple weeks ago at Tech Mentor in Microsoft HQ It was great to be back with people again I'm always very happy to be that. How about you? We've been working on Yeah, I just got back from vacation and so I've actually been working on this is like a year or so in the works When I came on board last year, I got Ownership for a document that covers our latency round-trip latency between certain Azure regions and It doesn't cover every region So it's specific because we have to set up these specific Networkings and it works for different goals Long story short, it's been hard to get the data and also to put it into a proper framework because previously They put it into this Basically Excel spreadsheet and we took a screenshot of that and we put it in docs With our growth, we've gotten to the point where it's really really difficult to do that So we were trying to figure out how to do it and I came up with what I think is a great way to Visualize it by using tabs in the doc so you can choose which of the big Geographic regions like us or Asia a pack those sorts of things and then you can go down to sub tabs That cover all of the you know the regions within there And I know that's been super important for teammates and customers Especially in Europe because there's been a you know with all the growth and everything There's been a lot of capacity issues. So people are looking for okay. Where am I gonna put that other? Region which ones am I gonna go to am I gonna have the the speeds that I want so down in the comments Are down in the show notes, we're gonna have a link to that article I would love to hear your feedback on whether you know this format works for you if you have any Comments that sort of thing. This is a doc that you know I've invested a huge amount of time in and People effort to get this out for everybody. So I hope everybody finds it useful And as we've mentioned in previous episodes if you find something in the document that you think Hmm, this is a typo. This is wrong This needs to be clarified upper right Corner of your browser. There's a little pencil in there in the doc Just click on that and tell us about that all our documentation is open sourced and we get to review and Updated really quickly as opposed to the six to eight months that used to take Before we open sourced it back when we had 27 different areas for content. Yes. Yes, of course How about we get going for this month, so let's try to make this episode a little Long absolutely So what do you want? first one we got up is so we got Just went out for general availability a while back mid-July Azure cross region load balancer is now Generally available. So okay what you get with cross region load balancer and sometimes you'll see this Mentioned as global load balancer because that's really what it is is it's a global load balancer So what it enables you to do is? Geo redundant ha scenarios for your workloads. Yeah, so basically what gets created We have different home regions around the world like West US That you have a static anycast global IP address That doesn't change Assigned for your global load balancing and then behind that You have partner regions that connect to those. Yeah, so, you know, let's say you are sitting in Seattle and you hit your global Cross-region load balancer. It's gonna look for the Closest location for you and let's just say in this scenario. We've got a web app that we are load balancing between One of the data regions in Europe and West US Of course, it's going to send you to West US But the nice thing about this is that for many of those companies that are global you now have a way to create one and Entry point that you can put all of your Load balancers from all the different regions in and then it algorithmic me Determines between the user and where they enter and all that sends them to the Correct region and then of course all of that traffic is going to go on the Azure back end. So you're gonna have lower latency because you're going through That that high-speed back end that we use for all of our internal networking between regions Okay, well, there's a couple things here one I wonder how this compares to let's say a front door implementation and To I think we're gonna have that answer because I think we've been talking to the PM on that one to do a deep dive on this We absolutely have we are gonna have Maheep from The load balancing team. He's been heading up cross region load balancer I work with him on a daily basis and he's gonna come in and in a couple weeks We're gonna have a deep dive into cross region load balancer. So just like we did with as your virtual network manager and Azure front door We're gonna deep dive into that and then we've got some other really cool deep dives Like you and I were talking about we knew it was just a matter of getting some of these out and getting Some people talking about it Now getting the audience to appreciate them and and liking them so absolutely describe Absolutely, so I will let him answer that question the big TLDR, I think is because Front door is more of a Distribution network. Yeah, where you know, it's it's putting the content in multiple areas and Distributing it. I probably don't it's gonna probably hit me for that because it was probably a terrible act analogy, but you know, this is load balancing as opposed to content distributing Continent distribution That sort of thing. All right. Well, we'll make sure to ask in the deep dive and Get all of those answers for you so that it's clear as crystal Awesome. All right. What do you got for us? Okay, so Do you want to encrypt like it's 1999? Yes. Oh wait, that's the wrong answer. No, no, I do not Yes, I want to like it's 20 23 or Yes, but as you know Browsers are built and communication on a network is built using the TLS policy TLS policy up to now have been kind of like not stagnant, but they've been pretty much the same and 1.0 which is still in use And I don't know why It's from 1999 Like encrypt like it's 1999 TLS 1.1 is from 2006. We are now in 2023 Yes, so we are now basically forcing anybody to Go up because the TLS policy for Azure application gateway and I did see a tweet from our friend Jeff Woolsey saying that there are also the significant changes in the TLS policies for Windows servers Is now being locked to a minimum of TLS 1.2 And that's coming up very very shortly Very cool So now we're going to not basically force the communication or the TLS configuration The deployment of application gateway to be and I believe it's like a very specific policy app gateway SSL policy blah blah blah Will be forced or a minimum of TLS 1.2 Nice, so if you're 1.2 already you're good if you're 1.2 or 1.3 even better If you're one point you're hurting like it's 1999 and you need to get up to date Yes, absolutely so that was not a Huge announcement in terms of added services, but it is a good announcement in terms of making sure that your environment is secure and that you are Having an experience for your customers that is secure Absolutely, and this day and age security really is job number one It doesn't matter who you are where you are in the business is that if you're not thinking about security Right up there with the implementation of whatever you're doing Yeah, it's not a matter of if you get hacked it's gonna be when But yeah, you want to make it as hard as possible. So this is a great way for companies to just you know Get with the program. Yeah, I just had my my demo subscription In Azure kind of reviewed and I've got an email. I have a bunch of stuff I need to address because you know when you're in a demo situation you put like passwords like password 1 2 3 or Like stupid stuff like that that you want to do because it's a demo. There's no actual data there Yeah, well my demo environment is still because it's live and it's in Azure it got reviewed and I have a Laundry list of things to go and fix in mine So I'm thinking I might actually take that opportunity to fix them but also to do kind of like a blog post slash video on Why these things are important and so if you are running some of these things in your own description Maybe you need to deal with them For sure for sure. Yeah, what's your second item? so now with Azure traffic manager Yeah, which allows you to be able to manage your traffic going going You know to your Azure resources Has now released to general availability the ability to always serve Your Azure traffic manager traffic that's going in so by default health policies and You know the endpoints those use those are on by default So it's always looking to check the health of the back end Points that are being used through traffic manager. So this allows you to always serve so to skip buy those and When I was reading through this doing some I was like Why would why would I want to do that? The reason is is there are companies? That are utilizing third-party health monitors that they're bringing those in they're connecting them in and Maybe they provide Additional Stuff that we're not able to that we currently don't have who knows All I know is that's the big reason for this is that it allows companies to still use traffic manager to their resources Bring in that third-party app. Maybe it's a maybe it's a network virtual appliance Who knows but allows you to bypass all those health policies so that that third-party Monitoring Can't work. So this is not designed as a oh, I want to make sure my people get to my website So I'm just gonna turn this on and just let anything come through. No, that's not what's designed here It's it's specifically you have to specifically turn it on through the health check and It's For when you're using that third-party to connect in okay So if I to get Let me know if I get this right Always serves basically just turns off the default health check probes So that you can rely on the third-party one to actually say whether or not that endpoint is healthy or not correct so Here is one caveat with this is still you still have to build the probe yes, turn it to always serve and You're still gonna get a charge for a Basic health check as part of of traffic manager So, you know, those are a couple things that of course are in the documentation that we have down below I saw on how you set up that check with the third party. Yep. Okay, perfect Other than that You got anything else? actually, I Have one because this was basically all of the GA announcements for July considering we're With three months from or two and a half months from ignite We're gonna see a bit of a a slowdown in GA announcements because everybody wants to ride that big ignite wave But there was one preview that became available late in July that is been something that's been asked many many many many times from Community members and also from companies that have been talking to which is it is now in public preview It's an early public preview So you have to basically fill out a form and apply to get rolled into the public preview But it's for agile Azure virtual network encryption So it's encryption between resources within a virtual network in Azure That includes regionally and globally through peer virtual networks, but that enhances how you can the existing encryption and transit capabilities of Azure So basically you have end-to-end encryption on virtual network within Azure It's still a preview. So there are things may change. So I'm trying to find out Whether or not it has a model where you can bring your own keys or brings your own certificates and so on We don't have all that information. It just came Open for preview The link will be down here if you want to apply if you want to test it And of course it may change but this is very very promising and I thought it'd be a good idea to let you know about this Absolutely, and you know, I actually started on Doing the docs for virtual network and then we kind of had some swap-ups in my team and I got pulled off it and went to some other places But yeah, it's good it. It's something that our customers have been asking for forever. I've heard about it I know you hear it about it all the time. Yep And you know, it's been a long time coming but we can definitely see that light at the end of the tunnel So it's gonna be pretty exciting stuff And I think you know, I may know some people that know some people that Maybe we can approach a deep dive maybe absolutely, you know, I think they'd absolutely love to get Yeah, us talking about that So I will keep you in we'll keep you posted as the virtual network encryption As that goes through its specific paces, but yeah, that's a great call out and you know We normally focus on the GA stuff, which I think is important because that's what you want to use in production But it's always good. We we always want to keep you Your eye on what's coming down the road that you might be able to look for and also Something like this is something chances are in your organization. You've been thinking about this Yeah, and you've been asking for it for so long so we figured we'd give you a little heads up and Go and sign up for the preview because the more people preview it the more we get telemetry out of it Then the more we can fix issues if they are any Awesome Yes, so keep an eye out for this channel as we mentioned we have several I believe deep dives that are in Planning stages some that are going to be done as Michael mentioned in a couple of weeks hopefully recording some that are like a month or a month and a half out but We have some really cool stuff coming and if you have suggestion on what you want to see for deep dives Please let us know in the comments below Absolutely. Yeah. Hey Mike. It's been almost 20 minutes with that being said Thank you very much. Are you going back on vacation or are you back to work for a good now? I'm back to work for good though I am going to see some of the Tech Ed beer crew up in Minneapolis this weekend so I'm gonna Sean and Chad and and Mike and Eric and Glenn and some of the other guys and Neil and So we'll you know have a good time. We're going to the twins game We'll probably talk talk shop. I want to talk to Neil because he's his company just went all Azure so Maybe you get them to spread the word about the hybrid and absolutely Absolutely, I'll hand off business cards We still have those I I might have one of my old one logos that I'm looking around my desk to see if I have any. I don't think I have any but Who know I have virtual one. So if you want us hit us up anyway Awesome that being said, thank you so much Michael and thank you for watching Wired for hybrid and we'll see you next month. Cheers. Cheers