Microsoft Corp. today added a family of memory-optimized instances to its Azure public cloud, along with new features designed to help customers manage and secure their environments.

The additions were announced at the company’s virtual Ignite event.

The newly added Msv2 instance family is geared toward running memory-intensive workloads such as SAP SE’s HANA in-memory database. There are seven different instance configurations in the lineup. The most powerful provides more than 4 terabytes of memory along with 192 virtual central processing units, or vCPUs, that applications can use to analyze the data they ingest. Microsoft says the 192 vCPUs provides up to 20% more computing power than earlier instances.

In addition to expanding the number of instances available on Azure, Microsoft is also making them easier to manage. The company has debuted a new version of the Azure Automanage management automation service that works with instances running Linux. Azure Automanage, which previously only supported Windows, can automatically perform tasks such as applying security updates and fixing incorrectly defined configuration settings.

In the cybersecurity department, Microsoft has made two key additions designed to make Azure instances easier to protect from hackers. The first is a capability called Trusted Launch, while the other is a new option for managing encryption keys.

Trusted Launch uses specialized hardware modules deployed in Azure data centers to cryptographically verify the operating system and firmware of an instance every time it boots. This verification process catches rootkits, a type of malware that embeds itself into a machine’s firmware to avoid detection. Trusted Launch also allows companies to enable another security feature available for Azure instances, Windows Defender Credential Guard, which isolates applications’ most sensitive data to protect it from theft.

The second major cybersecurity addition Microsoft introduced today is a setting the company refers to as auto-key rotation. Large organizations sometimes deploy their own encryption keys to protect data they store in the cloud, which is more complicated than using the default encryption features but provides additional control. The new setting allows keys to be automatically refreshed at specific intervals to reduce the risk of data breaches.

Microsoft introduced a number of more narrowly focused enhancements alongside the security features, Automanage update and its latest instance lineup. There’s a new integration with VMware Inc.’s SD-WAN networking platform that will make it easier for companies to link their branch offices to Azure. Microsoft is also updating its Azure Migrate service to make moving VMware virtual machines and Microsoft SQL Server databases to Azure simpler. 

Image: Microsoft