Hello everyone and welcome back to another episode of Wired for Hybrid. This is a busy week for us. As you can see over my shoulder here, we're right in the middle of Build. We were hoping that maybe there'd be some tidbits that would come out about Azure networking, but so far it's been mostly focused on developer and AI, if you can believe it. Anyway, so this week, join us for what's new in Azure networking. Hey Michael, how are you doing? I'm doing excellent, Pierre. Enjoying your Build week? It's a little busy. It's a little busy, lots of sessions to watch. I'm moderating a few of them and I got one more later this afternoon, the Mark Russinovich session where we're going to be answering questions in the background. Joel, I'm looking forward to that one. How about you? Yeah, same here. The one nice thing for those people that are out here listening, as you know, I'm a content developer, with Build, the week before is good if you don't have something going into Build because we have a freeze on all documentation since the 15th. It gives us a little bit of time to maybe catch up on something and that sort of stuff. But as far as Build is going, just some really cool stuff, some stuff that I'm always like, they announce all these great things. This was even before I joined Microsoft. Yeah. It's like, when can I get to use this? I want to go home now and use Microsoft 365 Copilot. I can't wait for the June Windows Copilot that Panos talked about today. That's so many cool things. And I know that the show is focused on networking, but all of you in the audience, hit that like, hit that subscribe, and put in your comments if you want to hear Pierre and I talk about copilots and generative AI and GPT and how you as IT pros can be really using that in your environment. Because I'd love to have that chat with Pierre about that. So I just put him on the spot right now for that. Yeah. Yeah. That's OK.
And speaking of content, I don't know if our listeners know, but the last time, last episode, we were live at the PowerShell Summit or PowerShell and DevOps Summit in Bellevue, Washington. We had a little kind of like Hackadoc at the end or Docathon. I don't know what the term we finally landed on. But we kind of fixed documentation for like, I think it was something like 200 pages of documentation in Microsoft. So if you see something in the documentation, if it's a wrong command, if it's a typo, if it's something, you can hit that little edit button at the top and suggest an edit to our own documentation. That's how it gets better. So our own documentation is now open sourced. So. Absolutely. Help Michael and fix his. Help us out, absolutely. Yep. All right. First item this week, Michael, what's up? We got generally available cross region service endpoints for Azure Storage. So just to kind of give everybody a refresher, what service endpoints are for virtual networks is, it basically gives you that direct connection over the Azure backbone to a number of different services. Think of like data like SQL and Cosmos DB. And specifically here, we're talking about Azure Storage and Data Lake. So traditionally with these service endpoints, those are typically more like PaaS services, correct? Yep. Yep. So there's a whole huge list of it. And unfortunately, I rebooted my computer so I no longer have that list. But we'll put that for you down here somewhere. In the comments. So it's mostly those PaaS services. So instead of having to connect across the public internet, whatever, getting over there, it's basically a direct connection and allows you to utilize the higher speeds that you get running on the Azure backbone. So traditionally service endpoints, you've only been able to use them in the same region or if you have paired regions with Azure Storage, you could use that. So with this, what this allows you to do is you can go across any region.
So you can connect to Azure Blobs or Data Lake Storage from vNets in any of your regions. So you might be thinking, Mike, what's the value of this for me? So let's say you have a global infrastructure. You're across regions all across the world. You have a centralized storage location. Maybe it's because of access control. Maybe it's a security concern, regulatory, whatever. Let's just say you need to have everything central. This allows you to be able to access those from all your vNets and not having to have a service endpoint in every one of those regions going to storage in those regions. So it gives you a lot more scalability and access for networks as they're getting more global. As people are bringing their data closer to them and closer to where their customers are. Yeah, and it also makes the management of those service endpoints a lot easier because like you mentioned, you don't have to create one in every region. You can just have the one and manage that. That's perfect. Yep, and another one of the neat things that it does is that with this update, it changes. So you're no longer connecting using public IP addresses to those storage accounts. You're now using private IP addresses. That's right. Cause for example, a blob storage would have like a, it has a very long URL, but it is exposed to the internet. So you basically, instead of having to from your VM, go out to the internet, hit that DNS name, come back into Azure. Now you go directly. Yep, you go directly through those service endpoints. So let's see some other stuff with this. We talked about the centralization of the data. Along with that, what you can also do is, we always talk about high availability, high availability, not enough coffee today and business continuity. And so what you can also do is you can still do cross region replication. So you don't have to just put all of your eggs in one basket, you can still replicate that storage and have it work with this as well. 
So you can make it highly available, highly scalable, but also make it easier for you to get into those workloads. So we'll have some links for you. I'll also throw in some links to service endpoints as well 'cause that's an area when I talk to a lot of people, not a lot of people, they've heard about them, they might not be using them. We'll throw some articles in there for you to get a better understanding of those and maybe check them out yourselves. Perfect. Yes. And those will all be in the show notes. And we will list them in the description down here, linked to the blog article with all of the details. Unless you're in Australia, they might be up there. They're not watching us upside down, you know. We could totally cut this. The only reason I say that is my buddy Glenn from Australia, his avatar everywhere is upside down. Oh God. So Pierre, what do you got for us? Yes. So general availability, as you mentioned, not enough caffeine, Azure CNI overlays are generally available. And if you're asking yourself, what the hell is an Azure CNI overlay? You're asking the right question because I had the exact same response when I first saw the announcement. But the more I look into them, the more I think this is a fantastic thing, especially for now when we are in the age of the container in AKS where you've got pods and dozens of containers running your application. So what the Azure CNI overlay is, it's a new networking option for Kubernetes services or Azure Kubernetes services that assigns IP addresses to pods from a private address space, which means that just like when you're in a network environment, you're on a regional office and you've got 192.168.1.1 address or .1.0 slash 24 address for your local office. And as you go up to the internet or to your other offices, you're actually getting NATed, or network address translation, at the egress point. Now, with the CNI overlay, that's basically the exact same concept that happens.
So all of your pods can talk to each other using that private IP address. Those private IP addresses can be reused across different pods because they would never talk to it, not different pods, but different environments and they would never talk to each other because they're always NATed through the AKS service. So they communicate with each other using that overlay network without encapsulation or custom routes. The pods use the external endpoint or NAT through the node's own IP address. And it's been generally available since May 10. So about a week ago or a week, maybe a week and a half ago. Nice. Yeah, that sounds like for a lot of people that are starting to move into the containerized world and using AKS, I can imagine with all of the containerizations of different apps and everything that much like when you and I were running data centers is we went through the late 90s and the 2000s of data center sprawl that led to virtualization. There's probably a lot of organizations that have container sprawl. And maybe I just created a new buzzword, container sprawl. But this is awesome because it does, you can create pretty big address spaces inside of Azure, but I could totally see if somebody just put the wrong slash, maybe made it a wee bit too small, that you could probably run out of that. So having that ability to have those pods NATed I think is a great feature. Yeah, and if you were looking at it with the idea of like security is everywhere and is everybody's business, by having a private IP like that, it also kinda, it's not foolproof, but it does add a layer of security because those IP addresses are not exposed. So all of your pods and everything that's communicating behind the node or inside the node is not being, cannot be sniffed, for example. Good stuff. I think, continuing on that security thought, I believe we've got something new for DDoS protection. Yes, yes.
Well, we've always had, or we've had for a while now the IP protection for Azure DDoS protection for your environments. Now there's what's generally available is a new SKU. Just like with other services that we reviewed in past episodes, these are the same services that have been tuned for like very large environments or big enterprises, but now they're being tuned for SMBs or small and medium businesses, in which case you can have the protection from Azure DDoS protection and defend against DDoS attacks and DDoS grade protection, but now you can get it at a lower price point. Of course, there are always some adjustments in terms of how much you can process and so on, but this particular SKU is specifically tuned for small and medium businesses. You get the exact same protection for like L3, L7 protection for DDoS attacks. Your additional features add DDoS response or rapid response support, sorry. So if something does happen, you have some recourses, cost protection and an integration with Azure Firewall Manager. So it's kind of cool. That is great stuff. I think continuing to build out that set of resources and features that small to medium size businesses can get into that give them the class of security and services that the enterprises have had for a long time. I can also see this used in some of the larger organizations as well, but maybe they don't need to have every one of their IPs covered by this. There might be this option to kind of look at it singularly, but I think you totally hit it on the head that this is really designed at that lower cost point for those SMBs that they want to get this protection but they- Well, everybody deserves that protection. They do, everybody does. Everybody does. And now it's reflected in the price. Yep, okay. I think we have a segment that we've never done before. We talked about it, I think, or we alluded to it in the past, but this is really the first time when we're going to talk about retirements.
Pierre, I didn't know you were retiring. No, I'm aware. I'm in the pine box program. Oh, you're talking about- We're going to take me out of Microsoft in a pine box. Oh, you're talking about service retirements. Okay. Service retirements, yes. Good. I thought maybe I was going to have to do this show with Rick. No, not yet, not yet. Not yet. So yeah, so there's every once in a while and Microsoft we've been very clear since I think it was 1991 where we came up with the enterprise lifecycle support agreement or lifecycle support statement where every product that was at the time was five years of mainstream support, five years of extended support. And after that they had custom support if you were able to justify it. With the cloud, this becomes a little bit more nuanced. So now when we announce a product or a service that's retiring, we do it way in advance. So there is a couple of them. I'll do the first one and you can cover the second one. There's a retirement notice for public peering. So new, new express public peering connections will be allowed, actually have been allowed since 2018. So that's how long we've been getting, but now the dates have actually been set for March 31st, 2024 where public peering or V1 of public peering is gonna be out of service. So there is ways and documentation on how to migrate to the current version, but that gives you a full year before you get there. So that's kinda cool. That is kinda cool. And as far as Application Gateway, so Application Gateway V1 is gonna be retired on the 28th of April in 2026. So you should be transitioning over to Application Gateway V2. So this means you've got until 2026, so you've got about three years in order to get over to that transition. And also, if you're a new customer and you've got something planned in the works, you should be planning to put this onto V2 because starting on July 1st of this year, there's gonna be no more V1 that you can actually deploy.
So maybe in the audience, you've got this working, a project working in your organization on this. You wanna make sure that they are speccing this for application V2, unless you are on a quick path to get this done before July. Even then, I would recommend moving up to V2 because you're gonna get the newest features, you're gonna get the best feature set, you're gonna get a longer life on that as well. Yeah, so it's a good idea to do an inventory of the services that you're running, either by looking at your bill at the end of the month to see all the services that are, but also when looking at the CI/CD pipelines that you may have in your environment. So if the deployment of the Application Gateway has been automated somehow as part of a workload that you're managing or deploying or monitoring or involved in any way, take a look at your pipelines to make sure that those are also got time to test them and modify them and test them to move from V1 to V2. And there's also a script if I'm not mistaken, correct? Is a PowerShell script to help you do the migration? There's a PowerShell script that's in our documentation that will walk you through the migration process. We'll have that like everything inside the show notes for you and you'll be good to go. So that was it. Not as many GA as we normally get, but that was kind of expected in the month prior to Build because like Michael mentioned, there is some embargo and then there's some lockdowns. You're not allowed to announce anything and you're not allowed to make any new documentation until Build is over or until the event is over. In this case, that'll be on the Friday, I believe. Yep, yeah, I'm expecting that we will probably have a few more things, hopefully to talk about in the June and July and August shows. And then I would expect once fall starts rolling around, we're gonna be pretty busy with Ignite coming up in November.
I know a lot of service, that's you think about a builds kind of that event for a lot of developer type stuff. There was a, I dig into the AI sort of stuff. So there were a lot of great sessions for me, but there's generally not a lot of stuff focused on the infrastructure side Ignite. There was a lot on monitoring and managing containerized or AKS environment, Kubernetes environment. So there's quite a few sessions in there that I thought were interesting. But that being said, and talking about more stuff is coming, we do have two episodes in the can, two deep dives that I'm currently editing that will be released in the upcoming week or weeks. The deep dive on WAF. No, no, the deep dive on Front Door and the deep dive with Andrea on AVNM. So Azure Virtual Network Manager. Yeah, I think everybody's gonna be really excited about those both, they're both pretty long, but I think that they're really, really solid information. Both Dong and Andrea did an amazing job of introducing us to the products and also deep diving into the what, the how and the why and showed us some great demos of how to use those products and why you should be using them in your environments. Yeah, so if you don't wanna miss that, like and subscribe, and Michael and I will see you next month. So, Mike, great to see you again and everybody else. As always. Have a good week, cheers. Take care, everybody.