DoD IL5 scope expands to all Azure Government regions
Earlier this month we announced that Microsoft has expanded the IL5 Provisional Authorization (PA) granted by the Department of Defense (DoD) to all Azure Government regions. This expanded coverage brings more PaaS features and services at Impact Level 5 (IL5) to customers than any other cloud provider.
With six regions across the United States now offering services at IL5, mission owners benefit from greater choice in terms of cost optimization, decreased latency, expanded geo-redundancy, and options for disaster recovery (DR). Today, more than 25 services are available across all Azure Government regions at IL5, and this will continue to expand as we bring additional services to Azure Government.
With more PaaS services at IL5, mission owners can more easily leverage these managed services to accelerate outcomes. For example, development teams can use Azure App Service to quickly create cloud apps using a fully managed platform, or Azure SQL Database for a fully managed relational cloud database service that provides the broadest SQL Server engine compatibility.
When supporting IL5 workloads on Azure Government, you can meet the DoD isolation requirements in different ways. The isolation guidelines for IL5 workloads documentation page addresses configurations and settings for the isolation required to support IL5 data and workloads.
With detailed instructions per service, this documentation page will be maintained to provide updated guidance on each of the services available in Azure Government at IL5 (read: we recommend bookmarking this page).
Expanded service availability at IL5
One of the many net-new capabilities this expanded coverage provides is deploying workloads on GPU-enabled VMs. For example, you can use the NV24 hardware. The NV-series enables powerful remote visualization workloads and other graphics-intensive applications backed by the NVIDIA Tesla M60 GPU.
When deployed, specific VM types consume the entire physical host for that VM. These VMs provide the necessary level of isolation required to support IL5 workloads when deployed outside of the dedicated DoD regions.
|VM Family|VM SKU|
|---|---|
|D-Series – General Purpose|Standard_DS15_v2, Standard_D15_v2|
|Large Memory Optimized|Standard_M128ms|
|GPU Enabled VMs|Standard_NV24|
Current VM SKUs that offer necessary compute isolation as of April 19, 2019
Another example of expanded service availability is around services such as Azure SQL and Azure Storage across all Azure Government regions. With the capability of using customer managed keys for encryption at rest, these services can be utilized from any of the Azure Government regions at IL5.
As a reminder, Storage Service Encryption with customer managed keys uses Azure Key Vault, which provides highly available and scalable secure storage for RSA cryptographic keys. Key Vault streamlines the key management process and enables customers to maintain full control of the keys used to encrypt data, and to manage and audit their key usage.
In this episode of the Azure Government video series, Steve Michelotti, Principal Program Manager, Azure Government, sits down with Zach Kramer, Principal Group PM Manager, Azure Government, to discuss the IL5 expansion in Azure Government.
Zach shows the documentation guidance for IL5 workloads, along with a demo of how easy it is to use numerous Azure services – regardless of the Azure Government region – in compliance with IL5 standards. You’ll also learn some encryption best practices for your data, including how to separate it and manage the keys effectively, helping the IL5 mission owner stay in control of their data.
The isolation guidelines for IL5 workloads documentation page addresses configurations and settings for the isolation required to support IL5 data.
As mentioned above, we recommend bookmarking this page as we’ll be updating it on a regular cadence to add new options for isolation and add new services that have made it through the DoD approval process. This will enable you to build numerous applications with high-order capabilities, whether it’s robust types of virtual machines, different high-level services like Azure Functions, or other mission-critical services for your Impact Level 5 workloads.