Trace3 @ Microsoft Ignite 2018 – Key Takeaways

SEP 27, 2018

by Chris Nicholas | Principal Cloud Solutions Architect – Azure | Cloud Solutions Group

Well I’m ignited. Or re-ignited. The wealth and breadth of ‘what’s new’ announcements at Ignite 2018 in Orlando has been astonishing. Let’s get to the good stuff shall we? Here is a breakdown of some of my favorite news, but not before I dazzle you with a mug shot showcasing my instant friendship with the fist-bumping Yammer mascot.



Role Based Certifications – are new certifications based on administration, developer or architecture roles, and I feel a strong correlation with the previous trio 532, 533 and 535. We are very excited about these as an org at Trace3, to align our engineers, architects and support personnel to the learning and accreditation path best suited. I’m going after the Solutions Architect track and I’ll keep you posted on my learnings.


Microsoft Learn – is also new in the learning space. I’ve so often been asked in the community – “where do I go to learn about Containers?” or “where can I get an overview of Azure App Service?” or “Azure Fundamentals?”. The answer is Microsoft Learn. If you don’t want to tackle an entire cert, you don’t have to. Learn a module instead, start small and build up your Microsoft Learn points by focusing on individual elements or skills. A beautiful concept.


These are the big ticket items on the networking front. There was huge anticipation for the new ExpressRoute options, including connectivity at 100 Gbps in preview with ExpressRoute Direct. The Azure Front Door Service is also in preview and will change the way we architect applications with global reach. The enterprise-grade service provides a secure, highly available entry point. We get App acceleration through the anycast protocol and this leverages MSFT’s global network to connect to backends deployed in Azure. The diagram will do a better job than any sentences I can throw together. See below and additional excerpts on Azure Firewall, now GA and some details on the new ExpressRoute offerings.

Front Door Service (preview) – Front Door provides an ultra-scalable and secure entry point for your global web applications. Front Door Service offers a global anycast based network of POPs located close to end users. This provides an easy way to scale out your web application by using HTTP load balancing and path-based routing rules. Looking forward to General Availability on this one [probably more than others!].


Azure Firewall (GA) – Azure Firewall is a managed cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall with built-in high availability and cloud scalability. Check these links for documentation and pricing information.

ExpressRoute Global Reach (preview) – ExpressRoute Global Reach connects your ExpressRoute circuits together so that on-premises locations can leverage Microsoft’s global network to carry traffic. For example, if you have a datacenter in California connected via ExpressRoute and another in Texas connected via ExpressRoute, you can now have traffic traverse between the two datacenters using Microsoft’s global network backbone. Azure is the only cloud to offer this and has one of the largest global networks in the world.

ExpressRoute Direct (preview) – ExpressRoute Direct provides the world’s fastest private edge connectivity to public cloud. ExpressRoute Direct allows you to connect directly to the global Microsoft backbone at up to 100Gbps speeds. With this, you can realize scenarios like massive data ingestion of storage, physical isolation, dedicated capacity, and high bandwidth burst capacity, utilizing Microsoft’s global backbone to access Azure resources and regions at tremendous scale.

Also available now is ExpressRoute Monitoring, providing at-a-glance view at connectivity components and their relative health.



I’m going to focus here on Azure Security Center updates and an interesting development in Azure AD. I also want to give honorable mention to Confidential Computing VMs due to be released in October, and announced at Ignite.

Azure Secure Score – who doesn’t like a good dashboard? The new scoring metrics in Azure Secure Score provide feedback loops to show overall security posture for an org, as well as silo scores on IAM, Compute & Apps, Data & Storage and Networking. The recommendations are essentially deviations from what is considered best practice and hold values related to their weighted impact on overall posture.

What’s really cool, is the remediations in most cases are now baked into the experience in Security Center, allowing for much more elegant administration.

Password-less Authentication – Ignite 2018 unveiled support for password-less authentication using the Authenticator app in Azure AD. The Authenticator app replaces your password with a more secure multi-factor sign in that combines your phone and your fingerprint, face, or PIN. Using a multi-factor sign-in method reduces risk and makes the user experience simpler by eliminating passwords.



Azure Blueprints (preview) – the problem addressed by the Blueprint service is to kill off the repeatable, highly important tasks when provisioning new, or updating existing, Azure environments. The idea is to guard-rail subscriptions and resources to guarantee compliance with org standards. The other important element here is the speed to delivery, allowing consumers of the environments almost immediate access through self-service. With Blueprints, we can define policies, RBAC and ARM templates. Let’s take a look at the new service.

We see tremendous value in this service at Trace3 and will be watching this space carefully. We are also developing an Azure Landing Zone solution that will contain components of the Blueprint offering when it moves to General Availability.



Azure SQL Database Managed Instance – Managed instance brings the best of traditional SQL on IaaS together with the attraction of Azure SQL’s High Availability and Scale capabilities. It’s now easier than ever before to move on-premises DB’s to Azure, especially if we also consider the Azure Database Migration Service which now supports online migrations. More here: Azure Database Migration Service
We get private IP now, capability to deploy within VNET and PaaS-like HA and automated backups.

Key to remember is that with Windows Server and SQL 2008 / R2 going EOL, Microsoft announced an extra 3 years of extended support if the workloads are migrated to Azure. This is a great option for those legacy workloads that require DB backends.


Ultra SSDs (preview) – In the “we did it better and faster than ever before” submission this year, Microsoft announced the preview of Ultra SSDs. We are talking sub-millisecond latency, sizing from 4GiB to 64 TiB, and up to 160,000 IOPS (and 2 GB/s) on a single disk. This is significantly more IOPS than any other public cloud capability on the market today.


The event began with Satya talking about Tech Intensity and Open Data Initiatives. Both admirable concepts, filled with virtue and substance. Unlike prior keynotes, Satya failed to give me goosebumps but I did hear the message and of course I applaud it. The next 4 days were filled with rapid fire sessions in the EXPO hall, breakouts and workshops.

The Trace3 family spent some quality time with a cloud partner that we are marrying to provide a host of value-added cloud services and there will be plenty of news on this in the coming weeks.

It seemed that every few minutes somebody would be talking about a new announcement. There were so many compelling updates not mentioned here, like the premium tier in Azure Files, Windows Virtual Desktop services in Azure, Azure NetApp Files, Cost Management now baked into the portal, Cosmos DB Multi-Master mode, Azure Policy in the DevOps experience and Azure Management Groups.

If you are Trace3 connected and would like an Ignite debriefing, reach out and we will set time up for you. We would be happy to oblige.

Leave a Reply

Your email address will not be published. Required fields are marked *