
Welcome to episode 306 of The Cloud Pod – where the forecast is always cloudy!
This week, we have a bunch of announcements concerning the newest offering from Anthropic – Claude Sonnet 4 and Opus 4, plus container security, Azure MySQL Maintenance, Vertex AI, and Mistral AI. Plus, we’ve got a Cloud Journey installment AND an aftershow – so get comfy and get ready for a trip to the clouds!
Titles we almost went with this week:
- 😩ECS Failures Now Have 4x the Excuses
- 🔐Nailing Down Your Container Security, One Patch at a Time
- 🧾HashiCorp’s New Recipe: Terraform, AI, and a Pinch of MCP
- 🧑💻Teaching an Old DNS New IPv6 Tricks
- 🏃Dash-ing through the Klusters, in an AWS Console
- 🛝Google’s Generative AI Playground Gets a Glow-Up
- 🌑Vertex AI Studio: Now with 200% More Darkness! Like our souls
- 🎼Claude Opus 4 Strikes a Chord on Google Cloud
- 🫅Sovereign-teed to Please: Google Cloud’s Royal Treatment
- 👑Google’s Cloud Kingdom Expands its Borders
- 🎭Shall I Compare Thee to a Summer’s AI? Anthropic Drops Sonne(t) 4 Knowledge on Vertex
- ⛈️Mistral AI Chats Up a Storm on Google Cloud
- 🔮Google Cloud’s Vertex AI Gets a Dose of Mistral Magic
- 🎳.NET Aspire on Azure: The App Service Strikes Back
- 🧓Default Outbound Access Retires, Decides Florida Isn’t for Everyone
AI Is Going Great – or How ML Makes Money
01:52 Introducing Claude 4
- Anthropic has launched its latest models, Claude Opus 4 and Claude Sonnet 4, positioning them as a new standard for coding, advanced reasoning and AI agents. Maybe they’ll actually follow instructions when told to shut down? (Looking at you, ChatGPT.)
- Claude Opus 4 is billed as “the world’s best coding model,” with sustained performance on complex, long-running tasks and agent workflows.
- Anthropic does not publish parameter counts for either model; Opus 4 is the larger and more capable of the two, Sonnet 4 the smaller, faster and cheaper sibling.
- Both post strong results on coding and agentic benchmarks, with Opus 4 leading.
- Sonnet 4 is a direct upgrade to Sonnet 3.7 and balances capability against cost and latency, which makes it the natural pick for everyday coding assistants and high-volume conversational and agent workloads.
- Alongside the models, they are also announcing:
- Extended thinking with tool use (beta): Both models can use tools – like web search – during extended thinking, allowing Claude to alternate between reasoning and tool use to improve its responses.
- New model capabilities: both models can use tools in parallel, follow instructions more precisely and, when developers give them access to local files, show significantly improved memory, extracting and saving key facts to maintain continuity and build up tacit knowledge over time.
- Claude Code is now generally available: after positive feedback during the research preview, Anthropic is expanding how developers can collaborate with Claude. Claude Code now supports background tasks via GitHub Actions and native integrations with VS Code and JetBrains, displaying edits directly in your files for seamless pair programming.
- New API capabilities: four additions to the API for building more powerful agents, including a code execution tool, an MCP connector, a Files API and the ability to cache prompts for up to one hour.
- In the blog post, Claude created a “navigation guide” while playing Pokemon. Maybe it can make me one for Hogwarts Legacy? (Seriously, where the heck are all those demiguise statues…)
- Safety seems to be a priority, with extensive testing and evaluation, and implementing measures for AI safety.
03:47 📢 Ryan – “I’ve been in the midst of using this a lot and then going back between 3.7 and 4 – largely due to being rate limited. There’s a noticeable difference in 4.0. It is better at delivering working code the first time without having to go back through multiple iterations, and it’s kind of neat. It’s the first time I’ve ever actually been able to notice a difference, to be honest… I don’t think I remember seeing this big of a difference between 3.5 and 3.7.”
07:48 Databricks: Introducing New Claude Opus 4 And Sonnet 4 Models
- Anthropic’s Claude Opus 4 and Claude Sonnet 4 are now available natively on Databricks.
- These are general-purpose foundation models that can be adapted to a wide range of applications.
- The pitch is running them where the data already lives: Databricks’ lakehouse platform unifies data warehouses and data lakes, so the models can be pointed at governed structured and unstructured data without exporting it to a separate AI service.
- Customers can build and deploy Claude-based applications and agents from within the Databricks platform.
7:55 📢 Ryan – “I look forward to this being announced in every cloud provider for the rest of the show.”
08:34 New Tools And Features In The Responses API
- OpenAI has added new tools and features to the Responses API, its interface for building agentic applications on OpenAI models.
- Key additions include:
- Support for remote MCP servers, so a model can call tools hosted elsewhere with a few lines of configuration.
- Built-in tools such as web search, which lets the model pull current information from the internet, and image generation.
- Code Interpreter, which runs model-written code in a sandboxed environment for data analysis and math.
- Background mode for long-running tasks, plus reasoning summaries.
- The practitioner’s caveat: every tool that reads the web, talks to an MCP server or runs code feeds the model input it does not control. Treat tool output as untrusted, scope which MCP servers an agent may reach, and keep real credentials out of the sandbox.
- Cloud professionals should take note: language models are increasingly consumed as API-driven agents with tool access, and those tools are where the security and cost exposure lives.
10:01 📢 Matt – “I felt like I needed it when there were new services that came out and I wanted to write a script that hits the new PowerShell thing, but it doesn’t know about it yet. That’s where I feel like I hit the edges of AI early on in the LLMs.”
Cloud Tools
11:20 Introducing Hardened Images
- Docker Hardened Images (DHI) are secure-by-default container images purpose-built for modern production environments, reducing the attack surface by up to 95% compared to general-purpose base images.
- DHI images are curated and maintained by Docker, continuously updated to ensure near-zero known CVEs, all while supporting popular distros like Alpine and Debian for seamless integration.
- They integrate with leading security and DevOps platforms like Microsoft, (yes, we said leading security platforms like Microsoft) NGINX, GitLab, Wiz, and JFrog to work with existing scanning tools, registries, and CI/CD pipelines.
- DHI solves key challenges around software integrity, attack surface sprawl, and operational overhead from constant patching by providing a minimal, focused base image.
- Customization is supported without compromising the hardened foundation, allowing teams to add certificates, packages, scripts and configs tailored to their environment.
- Docker monitors and automatically patches Critical and High severity CVEs within 7 days, faster than typical industry response times, simplifying maintenance.
- For cloud professionals, DHI offers a drop-in way to dramatically improve container security posture and reduce patching overhead, enabling developers to focus on shipping features.
12:37 📢 Justin – “I’m mostly glad Docker is releasing something that is not just bloat to their desktop client.”
15:51 HashiCorp Releases Terraform MCP Server for AI Integration – InfoQ
- HashiCorp released the open-source Terraform MCP Server to improve how AI models interact with infrastructure as code by providing real-time, structured data from the Terraform Registry.
- The server exposes module metadata, provider schemas, and resource definitions in a machine-readable format, allowing AI systems to generate more accurate, context-aware Terraform code suggestions.
- By leveraging the Model Context Protocol (MCP), the server enables AI models to retrieve up-to-date configuration details and align with the latest Terraform standards, reducing reliance on potentially outdated training data.
- The Terraform MCP Server has been demonstrated with GitHub Copilot integration, allowing developers to access context-aware recommendations directly from their IDEs.
- This release is part of a broader trend in AI-assisted tooling to unify developer workflows through interoperable interfaces, moving away from product-specific AI integrations.
- For cloud professionals, the Terraform MCP Server represents a significant step towards more accurate and efficient AI-assisted infrastructure management, potentially reducing errors and improving productivity.
17:21 📢 Matt – “I also read a little bit of how they were implementing it; with the Terraform server with your corporate registry modules. So if you have a platform engineering team, they kind of have these modules predefined for you. It will interact with those in that way… where in real time we’ll pull and say, okay, now you need these variables with your, VS code or whatever your IDE is. So kind of that registry piece of it, I think to me is the key part.”
AWS
18:22 Amazon Aurora DSQL, the fastest serverless distributed SQL database is now generally available
- Aurora DSQL is a serverless distributed SQL database that offers unlimited scale, high availability, and zero infrastructure management. It simplifies complex relational database challenges.
- Aurora DSQL’s disaggregated architecture enables multi-Region strong consistency with low latency.
- It’s designed for 99.99% availability in a single region and 99.999% across multiple regions.
- It integrates with AWS services like AWS Backup for snapshots/restore, AWS PrivateLink for private connectivity, CloudFormation for resource management, and CloudTrail for logging.
- The Model Context Protocol (MCP) server improves developer productivity by allowing generative AI models to interact with the database using natural language via the Amazon Q Developer CLI.
- Key use cases include microservices, event-driven architectures, multi-tenant SaaS apps, data-driven services like payment processing, gaming, social media that require multi-Region scalability and resilience.
- Pricing starts at $0 (free tier of 100K DPUs and 1 GB of storage per month), then is billed on Distributed Processing Units and GB-months of storage.
19:44 📢 Matt – “The pricing of it is kind of going in line with the Azure pricing, and I feel like a lot of the other RDS-type pricing where the compute is on the low end, but your storage costs are getting higher.”
22:30 Amazon ECS increases container exit reason message to 1024 characters – AWS
- Amazon ECS has increased the character limit for container exit reason messages from 255 to 1024 characters.
- This provides more detailed error messages to help customers debug failed containers more effectively.
- The extended error messages are accessible via the AWS Management Console and the DescribeTasks API. Look for the “reason” field in the API response.
- This feature is available in all AWS regions for ECS tasks running on Fargate Platform 1.4.0+ or EC2 container instances with ECS Agent v1.92.0+.
- Any containerized application or microservice running on ECS can benefit from more verbose error messages to speed up troubleshooting of failures and improve observability.
- Debugging container failures is a common pain point; increasing the error message limit is a small but impactful change to help developers identify root causes faster, reducing downtime and operational toil. Especially for Justin.
- We’re surprised this one took so long, but happy it’s here now!
24:49 DynamoDB local is now accessible on AWS CloudShell – AWS
- DynamoDB local is now generally available on AWS CloudShell, allowing developers to test DynamoDB applications directly in the AWS Management Console without incurring costs.
- This update integrates with existing DynamoDB APIs to enable local development and testing without impacting production environments.
- Developers can start DynamoDB local in CloudShell using the “dynamodb-local” alias, without needing to download or install the AWS CLI or DynamoDB local
- To interact with the local DynamoDB instance in CloudShell, add the “--endpoint-url http://localhost:8000” parameter to your AWS CLI calls. Don’t forget it: without the override the call goes to the real DynamoDB service using CloudShell’s session credentials.
- It’s ideal for developers building and testing DynamoDB applications who want a quick, low-friction way to run DynamoDB locally.
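As an added example (mine, not from the AWS announcement or the show notes), here is a small POSIX shell script that walks the steps above against the local endpoint. It assumes the “dynamodb-local” alias has started DynamoDB local on http://localhost:8000 and invents a “Sessions” table; the deliberately bogus credentials are the safety net, since DynamoDB local accepts any key while a real account rejects it.

```shell
#!/bin/sh
# Added example for the show notes, not AWS-provided code.
# Assumptions (not from the page): DynamoDB local is listening on
# http://localhost:8000 (its default port), and the "Sessions" table and
# items are made up for illustration.
set -eu

AWS=${AWS:-aws}                                   # set AWS=echo for a dry run
ENDPOINT=${DDB_LOCAL_ENDPOINT:-http://localhost:8000}

# Bogus credentials on purpose. DynamoDB local accepts anything, while the real
# service rejects these, so a call that accidentally loses --endpoint-url fails
# instead of touching production tables with CloudShell's own session creds.
export AWS_ACCESS_KEY_ID=local AWS_SECRET_ACCESS_KEY=local AWS_DEFAULT_REGION=us-east-1

# Every call goes through this wrapper so the local endpoint is never omitted.
ddb() {
  $AWS dynamodb "$@" --endpoint-url "$ENDPOINT"
}

create_sessions_table() {
  ddb create-table --table-name Sessions \
    --attribute-definitions AttributeName=SessionId,AttributeType=S \
    --key-schema AttributeName=SessionId,KeyType=HASH \
    --billing-mode PAY_PER_REQUEST
}

# $1 = session id, $2 = user. The condition expression makes the write
# idempotent: a replayed request cannot silently overwrite an existing session.
put_session() {
  ddb put-item --table-name Sessions \
    --item "{\"SessionId\":{\"S\":\"$1\"},\"User\":{\"S\":\"$2\"}}" \
    --condition-expression 'attribute_not_exists(SessionId)'
}

# $1 = session id. Strongly consistent read so we see our own write.
get_session() {
  ddb get-item --table-name Sessions \
    --key "{\"SessionId\":{\"S\":\"$1\"}}" --consistent-read
}

# Only run the sequence when explicitly asked, e.g. `sh ddb-local.sh --run`.
if [ "${1:-}" = "--run" ]; then
  create_sessions_table
  put_session s-0001 alice
  get_session s-0001
fi
```

Run it with AWS=echo first to see exactly what will be sent; every printed command should end with the local endpoint. The same wrapper pattern is worth keeping in real projects so the endpoint and the throwaway credentials travel together.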
26:14 📢 Ryan – “I’ve always used CloudShells for very simple CLI cloud tasks; I’ve never really thought about developing inside of a CloudShell…”
27:21 AWS announces IPv6 support for EC2 Public DNS names – AWS
- EC2 Public DNS names can now resolve to IPv6 addresses (AAAA records) for EC2 instances and Elastic Network Interfaces, allowing public access to IPv6-enabled instances over IPv6.
- Previously, EC2 Public DNS only resolved to IPv4 addresses, requiring use of a specific IPv6 address or custom domain via Route 53 to access IPv6-only instances.
- This update enables easier access to IPv6-only instances and simplifies migration to IPv6 by allowing access to dual-stack instances via IPv6 with DNS cutover.
- Available in all commercial and GovCloud regions, configured using the same VPC settings as IPv4 EC2 Public DNS.
- It will be useful for customers adopting IPv6 who want to simplify access to IPv6-enabled instances without managing IP addresses directly.
30:05 Centralize visibility of Kubernetes clusters across AWS Regions and accounts with EKS Dashboard
- EKS Dashboard provides a centralized view of Kubernetes clusters across AWS regions and accounts, making it easier to track inventory, assess compliance, and plan operational activities.
- It integrates natively into the AWS Console, eliminating the need for third-party tools and their associated complexity and costs.
- The dashboard offers insights into clusters, managed node groups, and EKS add-ons, with data on cluster distribution, version, support status, forecasted costs, and health metrics.
- Advanced filtering enables drilling down into specific data points to quickly identify clusters needing attention.
- Setup is straightforward, using AWS Organizations’ management and delegated administrator accounts, and enabling trusted access in the EKS console.
- EKS Dashboard supports visibility into connected Kubernetes clusters running on-premises or on other clouds, though with more limited data compared to native EKS.
- This feature will especially benefit organizations running Kubernetes at scale across multiple regions, accounts, and environments who need unified visibility and control.
- For the Cloud Pod audience, EKS Dashboard demonstrates AWS’ continued focus on simplifying Kubernetes operations so customers can focus on their applications.
- And it’s GOOD NEWS – EKS Dashboard is available at no additional charge!
31:02 📢 Ryan – “AKA you have a centralized team that you’ve shafted into hosting all the Kubernetes workloads and being the subject matter experts – because there’s no way that you segregate that and decentralize it. And so at least we’re making those poor bastards’ lives easier. So I like this except for the need for it – I don’t like.”
18:22 Anthropic’s Claude 4 foundation models now in Amazon Bedrock – AWS
- Anthropic has released the next generation of its Claude AI models, Claude Opus 4 and Claude Sonnet 4, which are now available in Amazon’s Bedrock AI platform.
- The Claude 4 models represent significant advancements in AI capabilities, excelling at coding, analyzing data, long-running tasks, content generation, and complex actions.
- No, I’m not redoing the links. Scroll up if you need them; but we’re going to be copy/pasting this announcement the rest of the show.
GCP
35:06 Vertex AI Studio, redesigned. Take a look
- Vertex AI Studio provides a unified platform to experiment with and customize 200+ advanced foundation models from Google (like Gemini) and partners (like Meta’s Llama and Anthropic’s Claude).
- The redesign focuses on developer experience with faster prompting, easier ways to build, and fresh UI – accelerating prototyping and experimentation with generative AI models.
- Integrates end-to-end workflow from prompting to grounding, tuning, code generation and test deployment.
- Enhances prompt engineering with prompt management, variables, function calling and examples.
- Enables building with latest Gemini models for text, image, audio generation and multimodal capabilities.
- Simplifies grounding models with real-world data via Google Search, Maps or custom data for improved reliability and trust.
- Generates sample code in Python, Android, Swift, Web, Flutter, and cURL – and enables test web app deployment.
- Introduces dark mode UI for better visual comfort during long development sessions. Your eyes will thank you! #darkmode4life
- Vertex AI Studio serves as the central place to explore Google’s powerful generative AI media models like Veo, Imagen, Chirp, and Lyria.
- Pricing details are not provided, but Vertex AI platform likely follows typical usage-based pricing of other GCP services.
36:21 Announcing Gemma 3n preview: powerful, efficient, mobile-first AI
- Gemma 3n is a powerful, efficient, mobile-first AI model optimized to run directly on phones, tablets and laptops. It enables real-time, multimodal AI experiences with advanced on-device capabilities.
- The model leverages a new shared architecture co-developed with mobile hardware leaders like Qualcomm, MediaTek and Samsung. This positions it well versus other mobile AI offerings.
- Gemma 3n uses an innovative technique called Per-Layer Embeddings (PLE) to significantly reduce RAM usage, allowing larger models to run on mobile with 2-3GB memory footprints.
- It integrates closely with Google’s broader AI ecosystem, powering the next generation of on-device features like Gemini Nano in Google apps. Developers can preview core capabilities that will come to Android and Chrome.
- Real-time speech transcription/translation, voice interactions, and multimodal understanding combining audio, image, video and text inputs are all processed privately on-device.
- Gemma 3n represents an important step in democratizing access to cutting-edge, efficient AI and enabling a new wave of intelligent mobile apps with advanced on-device AI.
37:26 📢 Ryan – “As pricing with generative AI goes, you never know what you’re going to get.”
38:35 What’s new with Agents: ADK, Agent Engine, and A2A Enhancements
- Google announced major updates to its intelligent agent platform, providing more robust development tools, intuitive management, and seamless agent-to-agent communication.
- The Agent Development Kit (ADK) adds new capabilities to create sophisticated agents with greater stability and adaptability.
- Vertex AI Agent Engine introduces a new UI to simplify agent lifecycle management, deployment, scaling, and monitoring – accessible from the Google Cloud console.
- Enhancements to the Agent2Agent (A2A) protocol enable more sophisticated and reliable interactions between agents, with an updated specification (v0.2) and an official Python SDK.
- Industry adoption of A2A is accelerating, with platforms introducing new capabilities for building, deploying and securing A2A agents.
- These updates provide a comprehensive, flexible platform for building intelligent agent solutions, unlocking new possibilities across industries
- Pricing isn’t spelled out in the announcement; Vertex AI Agent Engine bills on Vertex AI’s usage-based model rather than a flat per-session rate, so check the Vertex AI pricing page before estimating.
40:08 📢 Justin – “The biggest thing they need to get though is security. That’s the biggest risk we’ve seen so far…there are a lot of dangers with MCP you should be a little cautious about.”
40:54 Anthropic’s Claude Opus 4 and Claude Sonnet 4 on Vertex AI
- Anthropic’s newest Claude models (Opus 4 and Sonnet 4) are now available as a Model-as-a-Service offering on Google Cloud’s Vertex AI platform. This expands the choice of powerful foundation models developers can easily access and deploy.
- Who would have guessed?
41:01 Google advances sovereignty, choice, and security in the cloud
- Google Cloud is announcing significant updates to its sovereign cloud solutions, giving customers greater control, choice, and security without compromising functionality.
- Key offerings include:
- Google Cloud Data Boundary: Allows deploying sovereign data boundaries to control data storage/processing location and manage encryption keys externally.
- Google Cloud Dedicated: Designed to meet local sovereignty requirements through partnerships (e.g. Thales S3NS in France.)
- Google Cloud Air-Gapped: Fully standalone solution not requiring external network connectivity, tailored for intelligence/defense sectors
- These solutions leverage Google’s massive global infrastructure (42+ regions, 202 edge locations) and key partnerships across regions.
- The updates enable customers to choose solutions aligning with business needs, regulations, and risk profiles – not a one-size-fits-all approach.
- Combines local control with access to Google’s leading security like AI-powered defenses, Confidential Computing, post-quantum crypto.
- Relevant for organizations navigating complex digital sovereignty landscape, especially in regulated industries and public sector.
42:02 📢 Ryan – “It’s kind of nice the way that Google does this versus AWS, right? AWS has GovCloud – and it’s almost like a separate product and a whole separate authentication, whereas these are built in.”
44:53 Convert AI-generated unstructured data to a BigQuery table
- AI.GENERATE_TABLE is a new BigQuery feature that converts unstructured data (images, text) into structured tables using advanced AI models like Gemini 2.5 Pro/Flash.
- It builds upon ML.GENERATE_TEXT to streamline the process of extracting insights and making unstructured data compatible with existing data analysis workflows
- While AWS and Azure offer some AI services for unstructured data, the tight integration between BigQuery and Vertex AI and the ability to directly generate structured tables sets GCP apart.
- The feature leverages large language models and techniques like constrained decoding to accurately extract key information and generate output matching a specified schema.
- It integrates seamlessly with BigQuery and Google Cloud Storage, allowing users to analyze the extracted data using familiar SQL queries and tools.
- Key use cases include analyzing social media content, processing medical transcriptions, and gaining insights from large collections of documents or images.
- This feature democratizes access to advanced AI capabilities, enabling more businesses to derive value from their unstructured data without needing deep AI expertise.
45:31 📢 Ryan – “The ability to sort of take a bucket of unstructured data and then have this – it’s effectively data labeling – AI data labeling of your images and your unstructured data, and then populating that metadata into BigQuery tables is pretty rad.”
46:33 Mistral AI’s Le Chat Enterprise and Mistral OCR 25.05 on Google Cloud
- Mistral AI’s Le Chat Enterprise, an AI assistant for enterprise search, custom agents, document libraries and more, is now available on Google Cloud Marketplace, and lets teams build custom AI agents without writing code.
- Mistral OCR 25.05, a powerful optical character recognition model for document understanding, is now available as a managed service on Vertex AI.
- It can comprehend text, charts, tables, equations in documents with high accuracy.
- Compared to other cloud AI platforms, Google Cloud offers an open, flexible ecosystem to build custom AI solutions by integrating pre-trained models like Mistral’s.
- Le Chat Enterprise leverages Google Cloud’s secure, scalable infrastructure and integrates with services like BigQuery and Cloud SQL.
- Mistral OCR is one of 200+ foundation models in Vertex AI Model Garden.
- Use cases for Le Chat include research analysis, generating insights from data, code development and content creation; Mistral OCR targets digitizing scientific papers, historical documents and customer service documentation.
- Industries that can benefit include finance, marketing, research institutions, customer service, engineering, legal and more.
- These Mistral AI offerings expand the options for enterprises to build generative AI agents and document AI pipelines on Google Cloud without needing to train custom models from scratch.
- Interested in pricing info? Reach out to the sales team via the Google Marketplace Listing.
47:34 📢 Matt – “The concept of the paperless corporate environment is still not here, and this proves it.”
Azure
49:23 Announcing the General Availability of Azure FXv2-series Virtual Machines
- Azure FXv2-series Virtual Machines, powered by 5th Gen Intel Xeon Platinum processors, are now generally available for compute-intensive workloads like databases, analytics, and EDA.
- Integrates with Azure Boost for improved networking, storage, CPU performance and security, and supports all Azure remote disk types including Premium SSD v2 and Ultra Disk.
- Offers up to 50% better CPU performance vs previous FXv1-series, with up to 96 vCPUs, 1832 GiB memory, and enhanced AI capabilities with Intel AMX
- Competes favorably with similar compute-optimized instances from AWS (C6i) and GCP (C2), with higher core counts and memory.
- Targets customers running SQL Server, Oracle databases, supply chain solutions, and mission-critical apps requiring high IOPS and low latency.
- Premium AND Ultra disks. Cool!
50:52 Red Hat OpenShift Virtualization on Azure Red Hat OpenShift in Public Preview
- Unifies management of VMs and containers on a single platform, allowing organizations to modernize at their own pace while leveraging existing VM investments.
- Integrates with Azure services like Azure Hybrid Benefit for cost savings, Azure security tools for enhanced protection, and Azure Red Hat OpenShift for a managed OpenShift platform.
- Utilizes the KVM hypervisor and Red Hat Enterprise Linux for improved virtualization performance and security.
- Differentiates from AWS and GCP by offering a fully managed, jointly engineered Red Hat OpenShift platform with native virtualization capabilities.
- Targets customers in industries like financial services, healthcare, manufacturing, and retail who need to modernize legacy applications incrementally.
- There is no additional fee for OpenShift Virtualization, but standard ARO pricing for worker nodes applies (Starts at $0.171/hour for a 4 vCPU worker node.)
55:14 Announcing key maintenance experience enhancements for Azure Database for MySQL
- Provides more control, visibility and predictability over how maintenance is orchestrated across Azure Database for MySQL environments.
- Virtual Canary (GA): allows enrolling specific servers into an early maintenance ring to validate updates before the broader rollout, making it simpler to catch compatibility issues early.
- Maintenance Batches explicitly assign servers to different execution batches within the same maintenance window. Ensures maintenance proceeds in a predictable, user-defined order.
- Maintenance Rollout Status Check (in preview) provides a centralized view of maintenance activity across servers. Users can monitor rollout progress and identify anomalies from the Azure Portal or programmatically via Azure Resource Graph.
- Improves transparency, reliability and alignment with enterprise deployment strategies for Azure Database for MySQL maintenance
- Targets customers running development workloads or managing complex multi-environment MySQL rollouts on Azure.
55:44 📢 Matt – “It’s a decently nice feature; it’s just amazing it rolled out on Azure first.”
57:44 Warehouse Snapshots in Microsoft Fabric (Preview)
- Guess what this does? Did you guess right? Warehouse Snapshots provide a stable, read-only view of a Fabric Data Warehouse at a specific point in time, ensuring data consistency for analytics and reporting without disruption from ongoing ETL processes.
- Snapshots can be seamlessly rolled forward to reflect the latest warehouse state, allowing consumers to access the same snapshot using a consistent connection string.
- This feature integrates with the Microsoft Fabric ecosystem, enabling users to create, manage, and query snapshots using the Fabric portal, T-SQL, or the Fabric API.
- Warehouse Snapshots offer benefits such as guaranteed data consistency, immediate roll-forward updates, historical analysis capabilities, and enhanced reporting accuracy.
- While AWS Redshift and Google BigQuery offer similar snapshot features, Azure’s Warehouse Snapshots stand out with their seamless integration into the Microsoft Fabric ecosystem and the ability to roll forward snapshots atomically.
- Target customers include data engineers and analysts who require stable datasets for accurate reporting and analytics, even as real-time updates occur in the background.
58:16 📢 Ryan – “Very cool. This protects you from Little Johnny drop table!”
58:42 Getting Started with .NET Aspire (Preview) on Azure App Service – Azure App Service
- Azure App Service now offers preview support for deploying .NET Aspire applications, enabling developers to host their distributed apps on Azure’s fully managed platform.
- .NET Aspire is Microsoft’s new framework for building modern distributed applications, and this integration brings it into the broader Azure ecosystem.
- Developers can use familiar tools like Visual Studio and the Azure Developer CLI (azd) to build, deploy, and manage their Aspire apps on App Service.
- While AWS and GCP offer similar managed platforms, the tight integration between .NET Aspire and Azure App Service provides a streamlined experience for .NET developers.
- This preview targets .NET developers looking to build and deploy distributed applications with minimal infrastructure management.
- Pricing varies based on App Service Plan and usage, but a Free tier is available for testing and small workloads.
1:01:32 Secure your subnet via private subnet and explicit outbound methods | Microsoft Community Hub
- File this under “news we’re kind of shocked about”: Azure is retiring default (implicit) outbound connectivity for VMs in September 2025; after that, VMs in new virtual networks need an explicit outbound method. Default outbound access SNATs traffic through a platform-assigned public IP that you don’t own, can’t see in your configuration and can’t count on staying the same, which makes it both hard to manage and easy to overlook in a security review.
- The new private subnet feature (in preview) prevents implicit outbound access. VMs in a private subnet require an explicit outbound method to connect to the internet.
- Azure’s recommended explicit outbound methods are: 1) NAT Gateway, 2) public load balancer with outbound rules, 3) public IP on the VM NIC.
- NAT Gateway is the preferred option – it provides secure, scalable outbound connectivity by SNAT’ing private IPs to a static public IP. No inbound connections are allowed.
- Load balancers with outbound rules also SNAT private IPs but require manual allocation of SNAT ports to each backend VM. This allows declarative control but is less scalable.
- Public IPs on VM NICs give control over the outbound IP but don’t scale well for complex workloads needing many-to-one SNAT that adjusts to traffic.
- These explicit methods integrate with Azure Virtual Network and follow a precedence order if multiple are configured (NAT Gateway > LB > Public IP).
- The shift to explicit outbound aligns with Azure’s secure-by-default approach. It matters for security-conscious customers running internet-facing workloads on Azure VMs.
- NAT Gateway pricing estimate: $0.045/hour + $0.045 per GB processed (varies by region, general estimate.)
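As an added example (mine, not Microsoft’s), here is the Azure CLI sequence for putting a subnet into private-subnet mode and attaching a NAT Gateway as its explicit outbound path. Resource names, region and address ranges are placeholders; the --default-outbound flag on “az network vnet subnet create” sets the subnet’s defaultOutboundAccess property and needs a reasonably recent CLI.

```shell
#!/bin/sh
# Added example, not from the Microsoft post. Names, region and address
# ranges are placeholders; adjust before running.
set -eu

AZ=${AZ:-az}                     # set AZ=echo to print the commands instead
RG=${RG:-rg-private-egress}
LOC=${LOC:-eastus2}
VNET=vnet-app
SUBNET=snet-app
NATGW=natgw-app
PIP=pip-natgw-app

# Step 1: a private subnet. --default-outbound false is the switch that turns
# off implicit SNAT: VMs placed here have no internet egress at all until one
# of the explicit methods is attached, so a forgotten step fails closed rather
# than quietly using a platform IP you never chose.
create_private_subnet() {
  $AZ network vnet create -g "$RG" -l "$LOC" -n "$VNET" \
    --address-prefixes 10.0.0.0/16
  $AZ network vnet subnet create -g "$RG" --vnet-name "$VNET" -n "$SUBNET" \
    --address-prefixes 10.0.1.0/24 --default-outbound false
}

# Step 2: NAT Gateway as the explicit outbound method. A Standard SKU static IP
# gives one stable, auditable egress address to allow-list at the far end, and
# NAT Gateway itself accepts no inbound connections.
attach_nat_gateway() {
  $AZ network public-ip create -g "$RG" -l "$LOC" -n "$PIP" \
    --sku Standard --allocation-method Static
  $AZ network nat gateway create -g "$RG" -l "$LOC" -n "$NATGW" \
    --public-ip-addresses "$PIP" --idle-timeout 4
  $AZ network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" \
    --nat-gateway "$NATGW"
}

# Step 3: verify. With a real CLI this prints JSON; expect defaultOutbound
# false and a non-null natGateway id. A subnet still showing true depends on
# the platform IP that is being retired.
verify_subnet() {
  $AZ network vnet subnet show -g "$RG" --vnet-name "$VNET" -n "$SUBNET" \
    --query '{defaultOutbound:defaultOutboundAccess, natGateway:natGateway.id}' \
    -o json
}

if [ "${1:-}" = "--apply" ]; then
  create_private_subnet
  attach_nat_gateway
  verify_subnet
fi
```

Because NAT Gateway sits first in the precedence order, attaching it to the subnet also overrides any instance-level public IP or load-balancer outbound rule that someone adds later, so the egress address stays the one you audited.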
1:03:11 📢 Matt – “There is one other option, which is using the Azure Firewall to route everything through it. It has a lower limit if you need more than the number of SNAT ports running. So if you go to Firewall versus the NAT, but also they made the announcement that they were retiring implicit outbound connectivity in like 2022 or 2023. They’re ending it in September and they’re just GA’ing this feature in May… to me, this is like Azure’s running EC2 classic still, and they’re finally moving into let’s actually use our VNets and VPCs.”
Cloud Journey
1:01:32 Justin Does a Thing: Bolt Bot
Aftershow
1:01:32 SilverStone is back with a beige PC case that looks just like your crappy old 486 – Ars Technica
- SilverStone has unveiled the FLP02, a new PC case that pays homage to the beige tower cases of the 486 and early Pentium era, complete with a faux Turbo button and power switch lock.
- Despite its retro exterior, the FLP02 can accommodate modern high-end components, including full-size ATX motherboards, 360mm radiators, and the latest GPUs like the GeForce RTX 5090 or 5080.
- While not directly related to cloud computing, the FLP02 showcases the enduring appeal of nostalgia in the tech industry and how it can drive consumer interest and sales.
- The case’s ability to blend vintage aesthetics with cutting-edge hardware demonstrates the flexibility and adaptability of modern PC components, a principle that also applies to cloud infrastructure.
Closing
And that is the week in the cloud! Visit our website, the home of the Cloud Pod, where you can join our newsletter and Slack team, send feedback or ask questions at theCloudPod.net, or tweet at us with the hashtag #theCloudPod