At TechEd in Houston today, Microsoft announced a wide range of updates to its Azure cloud platform. As has become customary for Azure updates, the new features announced today include a mix of previews of brand-new capabilities, and general availability releases of features previously only in preview.

In the general availability bucket are a set of new networking options for connectivity to Azure. Currently, Azure users connect to Azure through a mix of public Internet addresses and private VPNs, with all traffic going over the Internet. The new ExpressRoute capability provides a third option: direct private connections to Azure, either through exchange providers, or by connecting Azure to existing corporate WANs.

ExpressRoute will be offered with a 99.9 percent SLA and four bandwidth tiers: 200Mbps, 500Mbps, 1Gbps, and 10Gbps. Though now generally available, the connectivity is currently limited to connections via two US sites—Silicon Valley and Washington, DC—and London. Microsoft intends to make it available in 13 further locations by the end of the year.

Organizations using the existing VPN connectivity will also have new options. Previously, Azure's virtual networks could only have a single on-premises endpoint, so there was no good way for multiple Azure virtual networks (in different data centers, say) to communicate with different corporate locations or with each other. Today, multiple site connections are possible, and virtual networks can be joined to each other, addressing both of these shortcomings.

Microsoft is also announcing finer control of the public IP addresses exposed by Azure virtual machines. Going into general availability today is the ability to reserve public IPs on the Azure load balancer. This will allow applications to be exposed at the same public IP address, even when the virtual machines are reprovisioned. And going into public preview today is the ability to give individual virtual machines public IP addresses, so that non-load-balanced services, such as FTP or system monitoring, can be used.

That load balancing is becoming smarter, too, with the general availability of the ability to use non-Azure endpoints with Traffic Manager. This enables Azure to balance traffic across services using Azure, other cloud services, and on-premises systems. Going into preview is the ability to load balance traffic across private virtual networks.

Microsoft is making Azure more effective for a wider range of tasks with the general availability of two new large virtual machine classes. A8 virtual machines will offer 8 cores and 56GB of RAM. A9 virtual machines have 16 cores and 112GB of RAM. These virtual machines will also include 40Gbps InfiniBand networking. This should extend Azure's reach into certain kinds of compute-intensive tasks such as modelling and simulation for engineering and scientific computing.

Further Reading Need to get a bunch of data onto Windows Azure? FedEx your hard drives

The ability to send data to Azure by hard disk, announced last year , is now also generally available from today.

Perhaps the biggest feature announced in preview today is Azure Files. Azure already has a range of storage options, include queues, tables, virtual hard disks, and arbitrary blocks of binary data. Azure Files provides another option: Azure can offer storage space using the SMB 2.1 protocol. This storage space can then be accessed by Windows' native networking (or Samba, on Linux) to provide a persistent location to store file-based data. Previously, this would require Azure users to run their own virtual machine to offer the file shares. Azure Files removes that management overhead.

Joining these are previews of an API management service, for developers that publish APIs from Azure, and BizTalk Hybrid Connections, that can connect BizTalk in the cloud to on-premises data. The new Azure Managed Cache is now generally available, and a preview of a cache using the open source Redis cache is now in preview.

Security and control of access to data in the cloud are some of the biggest roadblocks to wider adoption of cloud services. Microsoft is announcing some services that should be useful. First is a preview of anti-malware for Azure virtual machines. This service allows anti-malware software (from Symantec, Trend Micro, or Microsoft) to be injected into virtual machines.

Trend Micro will also be offering a disk encryption service for Azure. This will allow Azure to use encrypted disks with the keys to those disks held by Trend Micro servers based in Germany. This may prove attractive to organizations concerned at the US government's ability to request access to data held by US companies, even when that data is held abroad. With this kind of encryption system, Microsoft would only be able to hand over an encrypted copy of the data, and wouldn't have access to the relevant keys.

Finally, Microsoft is extending Azure beyond its current Infrastructure as a Service and Platform as a Service options with Azure RemoteApp. With RemoteApp, organizations can run desktop applications in the cloud and deliver them to end users using remote desktop software on Windows, OS X, iOS, and Android.

Listing image by Flickr user