Microsoft launches Azure Bastion to provide secure, remote access to Azure VMs

Microsoft has announced a new managed PaaS service that will provide enterprises with secure and seamless RDP and SSH access to virtual machines directly through the Azure Portal.

Called Azure Bastion, the new service has been designed as an additional safeguard for organizations that don’t want to connect to Azure VMs over public internet connections, which can sometimes lead to security and connectivity issues.

“Azure Bastion is a new managed PaaS service that provides seamless RDP and SSH connectivity to your virtual machines over the Secure Sockets Layer (SSL). This is completed without any exposure of the public IPs on your virtual machines,” Yousef Khalidi of Microsoft wrote in a blog post.

“Azure Bastion provisions directly in your Azure Virtual Network, providing bastion host or jump server as-a-service and integrated connectivity to all virtual machines in your virtual networking using RDP/SSH directly from and through your browser and the Azure portal experience. This can be executed with just two clicks and without the need to worry about managing network security policies.”

With Azure Bastion, users can start an RDP (Remote Desktop Protocol) or SSH (Secure Shell) remote connection directly from the Azure portal using a web browser over SSL. The service allows users to access Azure VMs using a private IP address (see diagram below).

In a future release, Microsoft plans to integrate Azure Active Directory with Azure Bastion. The tech giant will also add seamless single sign-on capabilities, use of Azure Active Directory identities, as well as multifactor authentication to extend two-factor authentication to RDP/SSH connections.

There will also be support for RDP/SSH clients to enable them to connect securely with Azure Virtual Machines via the Azure Bastion service.

Azure Bastion is currently available in preview.



Microsoft warns Windows users to “Update Now” to protect against new dangerous worm

Last month, Microsoft released fixes for a critical Remote Code Execution vulnerability (CVE-2019-0708), called BlueKeep. This vulnerability was found in Remote Desktop Services and affects some older versions of Windows. The tech giant has now warned that an exploit exists for this vulnerability.

According to an internet-scale port scanner, nearly one million devices on the public internet are vulnerable to BlueKeep.

“Future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” wrote Microsoft in a blog post.

Which versions of Windows are affected by the BlueKeep vulnerability?

The following Windows systems are vulnerable to CVE-2019-0708 BlueKeep:

  • Windows 2003
  • Windows XP
  • Windows 7
  • Windows Server 2008 R2
  • Windows Server 2008

Users of Windows 8 and Windows 10 are not affected by this vulnerability.

How can the BlueKeep vulnerability affect users?

If a vulnerable computer connected to the internet is compromised, it can provide a gateway to the corporate network. This can allow attackers to spread advanced malware and infect all the computers across the enterprise.

It is a pre-authentication vulnerability and doesn’t need user interaction. Once the vulnerability is exploited, the attacker can execute arbitrary code on the target system. The attacker can then install programs, view, change or delete data, and create new accounts with full user rights.

“This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed,” added Microsoft.


How to protect Windows against the BlueKeep vulnerability?

Windows 2003 and Windows XP are out-of-support systems. Users of these systems can address the new vulnerability by upgrading to the latest Windows version.

Users of in-support systems (Windows 7, Windows Server 2008, Windows Server 2008 R2) can download the security patch from the Microsoft Security Update Guide.

Customers who are using an in-support version of Windows and have automatic updates enabled by default are protected automatically.


Microsoft makes improvements to Windows 10 v1809 and Windows Server 2019

In the latest build version of Windows 10 (build 17763.292), Microsoft has made some quality improvements and fixes, including addressing the issue that could cause Microsoft Edge to stop working with certain display drivers.

There were a number of issues with the current operating system (OS) which could affect the quality and performance of the services included in Windows 10. The improvements that Microsoft recently announced are applicable to Windows 10 version 1809, and all versions of Windows Server 2019.

Among the significant updates, Microsoft has addressed an issue in Windows Server 2019 that causes a Hyper-V virtual machine (VM) to remain at the bootloader screen for OS selection while restarting the VM. There was another issue in Windows Server 2019 that could break connectivity on guest VMs when apps inject the low-resource flag on packets.

The Windows 10 OS had a number of bugs, including one that allowed users to uninstall apps from Start menu even when the ‘Prevent users from uninstalling applications from Start menu’ group policy was set.

A compatibility issue with AMD R600 and R700 display chipsets has been fixed, along with the audio compatibility issue users faced while playing newer games with 3D Spatial Audio mode enabled through multichannel audio devices or Windows Sonic for Headphones.

The tech giant is focusing on improving Windows 10 in every possible way and adding several new features to get all users of desktop devices to shift to Windows 10. As part of its efforts to modernize the desktop experience, it recently announced the end of support for the Windows 7 operating system next year.

Windows 10 was launched three and a half years ago. Until December 2018, Windows 7 was the most popular operating system for desktop devices. Windows 10 has surpassed the dominance of Windows 7 this month. According to a report by web analytics firm Net Market Share, Windows 10 currently holds a 39.22% market share across desktop/laptop devices, whereas Windows 7 accounts for a 36.9% market share.


Full list of improvements in OS Build 17763.292 is available here.


Microsoft adds OpenSSH support to Windows Server 2019 and Windows 10

Microsoft is adding support for the OpenSSH client and server to Windows Server 2019 and Windows 10 version 1809.

The tech giant announced the preview of Windows Server 2019 in March this year, and it became generally available in October.

It is the latest version of Windows Server that addresses four important customer challenge areas: hybrid workloads, security, application platform, and hyper-converged infrastructure.

OpenSSH is the open source version of the Secure Shell (SSH) tools used to administer Linux and other non-Windows operating systems for cross-platform management of remote systems.

OpenSSH comes with a set of client and server tools used to enable secure remote login, remote file transfer, and public or private key pair management. Originating as part of the OpenBSD project, OpenSSH now powers several ecosystems including BSD, Linux, macOS, and Unix.

Microsoft is adding OpenSSH to Windows Server 2019 to enable enterprises to use a consistent set of tools for remote server administration. It will prove to be a very useful addition for enterprises that work across a wide range of operating systems.

The company added the Win32 port of OpenSSH to Windows Server version 1709 and the Windows 10 Fall Creators Update as a pre-release feature.

When Microsoft released Windows 10 version 1803 in April this year, it added OpenSSH as a supported feature-on-demand component. But this feature was still not supported on Windows Server.

With today’s update, OpenSSH support is now available as a feature on demand with Windows Server 2019 as well.


Earlier this month at the Microsoft Connect(); 2018 conference, the tech giant announced the availability of the first preview of Visual Studio 2019.

Microsoft is focusing on making Visual Studio faster to open, improving work with projects stored in git repositories, integrating Live Share for improved collaboration between teammates, and powering IntelliSense with artificial intelligence (AI).


SQL Server 2008 and Windows Server 2008 near End of Support. Here are new extended support options you should explore.

Today, the world is witnessing the fourth industrial revolution. Everything is evolving due to the rapid rise of new technologies and the fusion of the physical and digital spheres. Technology is the most important factor bringing about this revolution. Microsoft’s technologies are no exception, and almost every day Microsoft is updating and improving them to make the world a better connected, more developed and more secure place to live and work in.

In July 2018, Microsoft announced the End of Support for SQL Server 2008 and 2008 R2 and Windows Server 2008 and Windows Server 2008 R2 in mid-2018.

The 2008 release cycle saw a shift from 32-bit to 64-bit computing, advanced analytics and budding server virtualization technology. The new decade marks the era of hybrid cloud, artificial intelligence and other technological innovations.

What does SQL Server and Windows Server 2008 end of support mean for my business?

Microsoft offers 10 years of support to its servers – 5 years for Mainstream support and 5 years as Extended Support, under its lifecycle policy.

Support for SQL Server will end on July 9, 2019, and for Windows Server on January 14, 2020.

End of support means Microsoft will not provide any security updates or any other kind of support for the 2008 Windows and SQL servers after the deadline. The lack of security updates will increase the risk to your infrastructure and expose it to cyber-criminals. Also, with no security updates, companies can face several compliance and standards issues. With the GDPR regulations in force in particular, you should not put your business at risk and incur penalties.

The gravity of the situation lies in the increased risk of cyberattacks and other vulnerabilities for businesses that are not running the latest server versions.

A report by Symantec states:

  1. There has been an increase of 92% in new malware downloader variants.
  2. 46% increase in new ransomware variants.
  3. 600% increase in attacks against IoT devices.

You can clearly understand the risk you can put your business in, by not upgrading the software technology.

How to prepare for SQL Server and Windows end of support?

Microsoft ensures that its customers are completely supported during this phase of transition. The company introduced two new options to help organizations transition to the new decade.

New options for SQL Server 2008 and Windows Server 2008 End of Life

With the deadlines approaching fast, customers have very little time left to take action.

Microsoft suggests that its users upgrade to the latest versions of both products. This will help them leverage Software Assurance benefits for reduced security risks and continued security updates. However, for customers who will not be able to make this transition by the deadline, Microsoft has introduced new options:

  • Extended Security Updates by Migrating to Azure

For organizations that are still running their infrastructure on-premises, the end of life is a golden opportunity to make a shift to the cloud. However, it is easier said than done. Hence, Microsoft is offering Extended Security Updates for SQL and Windows Server 2008 for free in Azure for both the 2008 and 2008 R2 versions of each. The organizations can:

  1. Rehost their SQL Server 2008/2008 R2 and Windows Server 2008/2008 R2 in Azure SQL Database Managed Instance with little to no code changes, thus getting a version-free platform.
  2. Move to Azure Virtual Machines and upgrade to a newer version when they are ready. Here also, the customers get three years of extended support at no extra charge.
  3. Use their existing licenses and save nearly 55 percent with Azure Hybrid Benefit. In the case of Windows Server, they can save nearly 80% on Azure VMs through Reserved Instances and Hybrid Benefit in Azure.

Customers do not need to have Software Assurance when moving to Azure. However, they might require it if they wish to leverage Azure Hybrid Benefit.

  • Upgrade on-premises

This seems to be the most straightforward solution, i.e. to upgrade to SQL Server 2017 and Windows Server 2016.

SQL Server 2017 is built for greater performance, security, availability and innovation with intelligent cloud analytics.

Customers who are running Windows Server or SQL servers under licenses with active Software Assurance under an Enterprise Subscription Agreement (EAS), Enterprise Agreement (EA) or Server and Cloud Enrollment (SCE) can also purchase Extended Security Updates for three years after the end of support deadline. The catch, however, is that the customers will be able to buy security updates only for those servers they need to cover.

It should be noted that only Datacenter, Enterprise and Standard editions of SQL Server and Windows Server 2008 and 2008 R2 will be eligible for Extended Security Updates. Customers will need to get updated on the latest service pack for both the services in order to receive Extended Security Updates.

When will the Extended Security Updates option be available?

Those who opt for Azure migration can begin migrating their workloads to Azure VMs immediately. They can apply security updates until the end of life deadline arrives. Once the deadline has passed, Extended Security Updates will become available automatically, giving continued coverage.

For those who opt to stay on-premises or in a hosted environment, Extended Security Updates will be available for purchase as the end of life deadline approaches. Microsoft will announce a specific date for this purpose. Extended Support will be delivered immediately after the deadline ends.

Extended Security Updates for SQL Server 2008/2008 R2 and Windows Server 2008/2008 R2 will include provision of security updates and other bulletins that are rated critical. These will be available for a maximum of three years post deadline.

This offer will not include:

  • Any technical support. Customers will have to buy Microsoft support plans if they need assistance on 2008/2008 R2 questions.
  • Any new features, design changes, non-security hotfixes, etc.
  • Any retroactive effect for updates that were declined by the engineering teams in the past.

How much do the Extended Security Updates cost?

In Azure: Customers who are running Windows Server or SQL Server 2008/2008 R2 in Azure will be getting Extended Security Updates at no extra charges above the standard VM rates.

Customers who will be moving to Azure SQL (PaaS) database managed instance will not need the Extended Security Updates as it comes as a fully-managed solution. It is always patched and updated by Microsoft.

Hosted: Customers will have to purchase Extended Security Updates for 75% of full on-premises license cost per year and later use them in a hosted environment.

On-Premises: Customers who own any active subscription licenses or software assurance will be able to purchase the Extended Security Updates for 75% of the EA license cost annually. They can also reduce cost by paying only for the servers they need to cover and gradually upgrade the environment.

Our take on the new options

Whether you choose to stay on-premises or in a hosted environment or consider this opportunity as a chance to make your move to the cloud, the only wrong choice you can take is by not making any choice at all.

The end of support for the servers is a new opportunity to innovate and explore new options in the cloud or on-premises.

Contact your Microsoft partner or a cloud service provider now, to get complete help and guidance.



Windows Server 2019 with Kubernetes and HCI support to be available this year 

Microsoft yesterday announced that Windows Server 2019 will be made generally available in the second half of the year 2018. The server addresses four important customer challenge areas, including hybrid workloads, security, application platform, and hyper-converged infrastructure.

The new version of Windows Server is built on Windows Server 2016, which was launched in October 2016. It marks the latest release in Microsoft’s long-term servicing channel (LTSC), which comes once in two years.

Windows Server 2019 will be integrated with Project Honolulu, a browser-based management solution. Microsoft aims to make it easier for enterprises to connect their existing deployments of Windows Server to Azure services.

“With Windows Server 2019 and Project Honolulu, customers will be able to easily integrate Azure services such as Azure Backup, Azure File Sync, disaster recovery, and much more so they will be able to leverage these Azure services without disrupting their applications and infrastructure,” wrote Erin Chapple, Director of Program Management, Windows Server. 

Microsoft is enhancing the security in Windows Server 2019, with a three-point approach: protect, detect and respond. The company has added Shielded VMs with support for Linux VMs as well. It will protect VMs against malicious activities. The addition of Encrypted Networks will enable encryption of network segments to protect network layer between servers.

Windows Server 2019 will have embedded Windows Defender Advanced Threat Protection (ATP) to detect attacks in the operating system. Sysadmins will have access to deep kernel and memory sensors, so that they can respond on server machines.

Under application platform, there will be improved orchestration for Windows Server container deployments. Windows Subsystem for Linux (WSL) support in the new version will enable Linux users to bring their scripts to Windows while using industry standards like OpenSSH, Curl, and Tar. There is also support for Kubernetes, which is currently in beta.

Windows Server 2019 reduces the size of the Server Core base container image from 5 GB to less than 2 GB. This will reduce the image download time by 72%, resulting in optimized development time and performance.

On the hyper-converged infrastructure (HCI) front, Microsoft said that it has added the ability in Windows Server 2019 to manage HCI deployments using Project Honolulu. It will make the management of several activities in HCI environments simpler.


Microsoft is also planning to launch System Server 2019 with Windows Server 2019 support.

Windows Server 2019 is now available for preview, and will be generally available in the second half of this year.


Security updates to Spectre and Meltdown impacting PCs and servers performance: Microsoft

To protect users from the Meltdown and Spectre vulnerabilities, Microsoft recently released security updates for its systems. However, these security updates slow down the performance of some computers and servers.

More than a week ago, security researchers disclosed the Meltdown and Spectre vulnerabilities, which affect all mobile devices and computers. The attacks come in three variants: Variant 1 (Spectre), Variant 2 (Spectre), and Variant 3 (Meltdown).

Microsoft currently supports 45 editions of Windows, and has already issued security updates for 41 of them. Talking about slow system performance, the tech giant said that Variant 1 and Variant 3 don’t have much effect, but Variant 2 seems to have more performance impact on devices.

Windows 10 users with 2016-era CPUs or newer won’t see much performance impact as the benchmarks show single-digit slowdowns that are reflected in milliseconds.

Windows 10, Windows 8, and Windows 7 users with 2015-era CPUs or older, however, might notice a decline in their system performance. Users of Windows Server are more likely to see a significant performance impact.

“Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel. We will publish data on benchmark performance in the weeks ahead,” said Terry Myerson, Executive Vice President, Windows and Devices Group.

Customers don’t look convinced by Microsoft, as a lot of users complained on Twitter that performance is being compromised in the name of security. Others said that they are forced to add more servers to get the system performance they had before applying the security updates.

As knowledge of the vulnerabilities gained momentum last week, Intel too announced that it would release security updates within a week for 90% of the systems it had introduced in the last five years, and for the remaining ones by the end of January. Talking about the performance impact on systems, Intel said that average computer users (home and business PC users reading emails, writing documents, accessing photos, etc.) might not see significant system slowdowns.

“Based on our tests on SYSmark 2014 SE, a leading benchmark of PC performance, 8th Generation Core platforms with solid state storage will see a performance impact of 6 percent or less,” stated Intel.


Azure advancements remove cloud adoption barriers, going hybrid made easier

This week at its annual Ignite conference, Microsoft showcased its hybrid capabilities and announced many new advancements that will help enterprise customers to remove cloud barriers and seize the opportunities that cloud brings with it, especially the hybrid cloud model.

“Azure has long been committed to enabling the only true consistent cloud experience from identity, to data, to platform, to security and management. We uniquely understand that a distributed hybrid cloud model is the durable cloud model. And, we uniquely understand that hybrid cloud is more than just infrastructure – it must address your entire environment,” said Microsoft EVP of Cloud and Enterprise Scott Guthrie in a blog post.

Hybrid cloud is playing a central role in most organizations’ cloud strategy and is considered to be a future-proof and long-term approach by the customers. It is considered essential in the world of AI and IoT.

Mark Jewett, Microsoft Director of Product Marketing, Cloud Platform, said in his blog post, “We asked 2,500 IT professionals about their approach to cloud, and 91 percent of these IT workers believe hybrid cloud will remain the approach for their organizations five years from now.”

Out of the many solutions that Microsoft has built to help advance hybrid scenarios, Azure Stack is an absolute game-changer. It allows flexible deployment in the cloud or on premises, thus enabling a consistent development experience for cloud-native and traditional applications.

As part of its commitment to provide a consistent hybrid cloud to its enterprise IT customers, Microsoft made a few announcements:

  •   Azure Stack integrated systems available for shipping and purchase

Azure Stack, an extension of Azure that enables organizations to build and deploy apps with the same APIs, tools and experiences as they use in Azure, is available for purchase. OEM partners Dell EMC, Hewlett Packard Enterprise, and Lenovo are shipping Azure Stack integrated systems. Customers can purchase Azure Stack from them and get help to deploy and install it to run their applications.

With it, developers can build an application and run it in both Azure and Azure Stack, and it will meet every regulatory requirement.

  •   A new unified Azure database migration tooling experience

Microsoft has built a fully managed Azure SQL Database service, with 100 percent SQL Server compatibility for no code changes via managed instance, and has introduced a new and fully automated Azure Database Migration Service that will enable customers to have a near-zero downtime migration, thus helping them save time and lower costs significantly.

  •  General availability of Microsoft SQL Server 2017 on Linux, Windows, and Docker

Customers will be able to run SQL Server 2017 on Windows Server, Linux, and Docker, for the first time. With this, customers will get support for scalable Python and R-based analytics and help to enable in-database advanced machine learning. This will allow developers to train advanced models easily with data inside SQL Server, without the need of moving data.

SQL Server 2017 GA will help developers deliver high performance and data security with everything built in, including AI, using their preferred platform and language.

  • Extension of Azure Security center protection to hybrid environments

Microsoft has extended new security capabilities to its Azure customers. They will now be able to detect and defend against advanced threats and protect their workloads running on premises or in the cloud. Security Center will unify security management across environments and provide intelligent threat protection using analytics and the Microsoft Intelligent Security Graph.

We will keep you posted with more news from Microsoft Ignite this week. Stay tuned!