Microsoft announced it's offering secure storage of cryptographic keys in its Azure cloud, relieving enterprise IT of the burden of storing and protecting keys on premises.
In doing so, it's following in the footsteps of Amazon Web Services, which announced an encryption key management service Nov. 12 at its Re:Invent conference in Las Vegas.
Microsoft's Azure Key Vault is a hardware security module (HSM) in the cloud. An HSM is a hardware appliance, either a device attached to a computer or a plug-in card. The device is sealed against tampering and offers no software interface through which it may be modified. The HSM can issue encryption keys, centrally manage keys, and execute cryptographic processing. Microsoft's HSMs in the cloud enable developers to develop and test across key types, either hardware-protected or software-protected, wrote Corey Sanders, director of Azure program management.
[Learn more about Amazon's entry into cloud-based key management. See Amazon Focuses On New Services, Not Price.]
Azure manages HSMs as a service, meaning "Key Vault can be configured in minutes, without the need to deploy, wait for, or manage an HSM ... The service scales to meet your needs," Sanders wrote in a Microsoft blog Thursday.
In addition to adding key management, Microsoft is offering pre-loaded Docker images in Ubuntu-based virtual machines in its Azure Marketplace. The offering makes it simpler to containerize an existing application or develop a new one for use as a containerized system. Linux containers allow multiple applications to share a single host, each getting its operating system function from the host's kernel.
Azure customers were already able to run Linux containers, provided they installed an Azure Docker extension to a running Linux virtual machine, Sanders said in his blog. But it is now much easier to activate a container in a virtual machine by going through the Azure Management portal. The customer may assign his secure shell protocol and other credentials to the VM, and the Linux container will be activated for him. "This is just the first of many additional integrations of the Docker ecosystem into Microsoft Azure, directly through the Azure Management Portal," wrote Sanders.
Microsoft is eager to keep developers in its fold. Developers like Docker, which explains Microsoft's newfound enthusiasm for Linux and Linux containers. In addition, Microsoft is working with Docker to create Windows containers that can be formatted using the familiar Docker system. Microsoft, under CEO Satya Nadella, is recognizing that Linux and open source code are a permanent feature of the landscape, and the Microsoft cloud will have better prospects if it works with them rather than against them.
In another move, Microsoft launched a new instance type, the G series, with up to 32 virtual CPUs, 448 GB of memory, and 6.59 TB of solid-state drive space. The virtual CPUs of the G series instances are powered by Intel Xeon E5 version 3 processors.
"G-series sizes provide the most memory, the highest processing power and the largest amount of local SSD of any virtual machine size currently available in the public cloud," wrote Sanders. G series instances may have up to 64 attached data disks, so enabling the attachment of up to 64 TB of disk drive storage.
No comparison can be exact without a clear definition of what constitutes a virtual CPU for each vendor. But Amazon offers an 8X Large C series that consists of 32 virtual CPUs, 60 GB of memory, and 640 GB of solid-state disk. It also offers a high-volume I/O instance, the I2, an 8X Large with 32 virtual CPUs, 244 GB of memory, and 6.4 TB of solid-state storage.
By these measures, Microsoft has a slender claim to be offering "the highest processing power and largest amount of local SSD of any virtual machine size currently available in the public cloud." Its cloud G series hosts are running version 3 Intel E5 Xeons; Amazon still lists version 2 E5 Xeons for its C series and I series, although it is in the process of moving to a custom E5 v3 Xeon chip.
Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio