Enabling easy-to-use and HSM-backed key and secret security with Azure Key Vault

The availability of the G-series , the largest VM in the public cloud

, the largest VM in the public cloud Building on our openness with the availability of the first Docker Image in the Microsoft Azure Marketplace

Azure Key Vault Public Preview

Enhanced data protection and compliance - Protect cryptographic keys and sensitive data like passwords with asymmetric keys in Hardware Security Modules (HSMs) with FIPS 140-2 level 2 and Common Criteria EAL4+ certification.

- Protect cryptographic keys and sensitive data like passwords with asymmetric keys in Hardware Security Modules (HSMs) with FIPS 140-2 level 2 and Common Criteria EAL4+ certification.

All the control, none of the work - Provision new vaults and keys in minutes and centrally manage keys, sensitive data, and policies. You maintain control over your encrypted data—simply grant permission for your own and third party applications to use keys as needed. The service offers a unified programming model across key types, so it is easy to enable developers to develop and test with software-protected keys and migrate seamlessly to production with HSM-protected keys without any code changes.

- Provision new vaults and keys in minutes and centrally manage keys, sensitive data, and policies. You maintain control over your encrypted data—simply grant permission for your own and third party applications to use keys as needed. The service offers a unified programming model across key types, so it is easy to enable developers to develop and test with software-protected keys and migrate seamlessly to production with HSM-protected keys without any code changes.

Achieve scale and boost performance - Improve performance of cloud applications by storing cryptographic keys in the cloud. Key Vault scales with the demand of your cloud application without compromising on security. It offers HSM-protected key management that is truly ready for cloud-scale applications.

G-Series VM Sizes availability

VM Size Cores RAM (in GiB)* Local SSD Storage (in GB)* Persistent Data Disks Max Standard_G1 2 28 412 4 Standard_G2 4 56 824 8 Standard_G3 8 112 1,649 16 Standard_G4 16 224 3,298 32 Standard_G5 32 448 6,596 64

First Docker image in the Azure Marketplace

In October , we outlined how Microsoft is delivering the industry’s most complete cloud platform and discussed many enhancements to our hyper-scale, enterprise-grade and hybrid Azure platform. Azure is the only cloud that delivers on all three, providing a truly unique cloud offering that enables differentiated and open solutions for customers. Today, we are bringing more value to our customers and delivering on some promises that we made in October. These new capabilities include:Organizations often have significant challenges in controlling and maintaining the safety of their keys and passwords that protect their data in the cloud. Many customers store cryptographic keys in on-premises Hardware Security Module (HSM) appliances, which are costly and difficult to manage. They don’t scale to meet the needs of cloud applications and can slow down applications by requiring a round trip to the on-premises HSM every time a cryptographic operation needs to be performed. Azure Key Vault helps customers safeguard and control keys and secrets using HSMs in the cloud, with ease and at cloud-scale. Key Vault can be configured in minutes, without the need to deploy, wait for, or manage an HSM and has a single programming model across HSM-protected and software-protected keys. The service scales to meet your needs, and is available in multiple regions to enable application redundancy. This makes it easier and more economical for customers to encrypt sensitive data, sign certificates, and safeguard secrets in the cloud. For example, with Key Vault, customers can easily encrypt a SQL Server Virtual Machine with TDE (Transparent Data Encryption) using the SQL Server Connector available for Key Vault. Furthermore, customers can deploy an encrypted Virtual Machine with CloudLink SecureVM with the master keys in Key Vault. With Key Vault, we are providing customers with:Today, the Key Vault Preview is available in East US, North Central US, North Europe, West Europe, East Asia, and Southeast Asia. We expect to enable more regions over the next few months. To learn more about Key Vault or for a more technical deep dive, please read Dan’s blog here . Pricing details can be found here Today, we’re announcing the General Availability release of a new series of VM sizes for Azure Virtual Machines called the G-series. G-series sizes provide the most memory, the highest processing power and the largest amount of local SSD of any Virtual Machine size currently available in the public cloud. This extraordinary performance will allow customers to deploy very large and demanding enterprise applications. G-series offers up to 32 vCPUs using the latest Intel® Xeon® processor E5 v3 family , 448GB of memory, and 6.59 TB of local Solid State Drive (SSD) space. This large amount of memory will enable much faster deployments of mission critical applications such as large relational database servers like SQL Server and MySQL and large NoSQL and BigData solutions like MongoDB, Cassandra, Cloudera, xTremeData, and DataStax. These new sizes also increase the maximum count of attached data disks to 64, enabling the attachment of up to 64 TBs of persistent disks in Azure Storage. The new sizes are defined as follows:*In the table above GB is 1000and GiB is 1024Today, these Virtual Machine sizes are available in West US. We are working to add support for additional regions. To learn more about how to deploy these exciting new sizes, please read Drew’s blog here In October, we made several announcements about Azure embracing Docker as a core part of our application and infrastructure investments going forward. Today marks another milestone of the Microsoft Azure integration with Docker container technology and ecosystem with a fully integrated Docker engine on an Ubuntu image, available in the Azure Marketplace. Users can now easily select a Docker gallery item and provision an Azure Ubuntu VM with the latest Docker engine immediately ready to use. Just give your credentials and SSH to the VM. Previously, Azure customers could do this by installing the Docker Azure extension to a running Linux VM. Today, we make it even easier to get started on Docker. Users will continue to have the flexibility to use our extension model to inject a Docker engine into all supported Linux VMs – details here . This is just the first of many additional integrations of the Docker ecosystem into Microsoft Azure, directly through the Azure Management portal and Azure Gallery . To learn more about how to deploy and use this new gallery solution, please read Khalid’s post here . It is an exciting time in the cloud industry and the Azure team continues to innovate at a rapid rate. We are seeing customer adoption of more than 10,000 new customers signing up to Azure each week and we are excited to offer Microsoft Azure services that enhance the security, scale, and flexibility required by our customers.