
Welcome to episode 323 of The Cloud Pod, where the forecast is always cloudy! Justin, Matt and Ryan are in the studio tonight to bring you all the latest in cloud and AI news! This week we have a close call from Entra, some DeepSeek news, Firestore, and even an acquisition! Make sure to stay tuned for the aftershow – and Matt obviously falling asleep on the job. Let’s get started!
Titles we almost went with this week
- 🔑When One Key Opens Every Door: Microsoft’s Close Call with Cloud Catastrophe
- 🪨Bedrock Goes Qwen-tum: Alibaba’s Models Join the AWS Party
- 🔍DeepSeek and You Shall Find V3.1 in Bedrock
- 🐀GPUs of Unusual Size? I Don’t Think They Exist (Narrator: They Do)
- 🌜Kubernetes Without the Kubernightmares
- 🛞Firestore and Forget: AI Takes the Wheel
- 📜SCPs Get Their Full License: IAM Language Edition
- 💻Do What I Meant, Not What I Prompted
- 💵Atlassian Pays a Billion to DX the Developer Experience
- 🪪Entra at Your Own Risk: The Azure Identity Crisis That Almost Was
- 🤓Oracle Intelligence: The AI Nobody Asked For
- 🧀Wisconsin Gets Cheesy with AI: Microsoft’s Dairy State Datacenter
- 🔓Azure Opens the Data Floodgates (But Only in Europe)
- 🔐PostgreSQL Gets a Security Blanket and Won’t Share Its TEEs
- 🌿Microsoft’s New Cooling System Has Veins Like a Leaf and Runs Hotter Than Your Gaming PC
- 🦶Azure Gets Cold Feet About Hot Chips, Decides to Go With the Flow
AI Is Going Great – Or How ML Makes Money
00:58 Google and Kaggle launch AI Agents Intensive course
- Google and Kaggle are launching a 5-day intensive course on AI agents from November 10-14.
- This follows their GenAI course that attracted 280,000 learners, with curriculum covering agent architectures, tools, memory systems, and production deployment.
- The course focuses on building autonomous AI agents and multi-agent systems, which represents a shift from traditional single-model AI to systems that can independently perform tasks, make decisions, and interact with tools and APIs.
- This development signals growing enterprise interest in AI agents for cloud environments, where autonomous systems can manage infrastructure, optimize resources, and handle complex workflows without constant human intervention.
- The hands-on approach includes codelabs and a capstone project, indicating Google’s push to democratize agent development skills as businesses increasingly need engineers who can build production-ready autonomous systems.
- The timing aligns with major cloud providers racing to offer agent-based services, as AI agents become essential for automating cloud operations, customer service, and business processes at scale.
- Interested in registering? You can do that here.
Cloud Tools
03:21 Atlassian acquires DX, a developer productivity platform, for $1B
- Atlassian is acquiring DX, a developer productivity analytics platform, for $1 billion after failing to build their own solution internally for three years.
- DX analyzes engineering team productivity, and identifies bottlenecks without making developers feel surveilled.
- DX provides both qualitative and quantitative insights into developer productivity, helping enterprises understand what’s slowing down their engineering teams.
- The platform serves over 350 enterprise customers including ADP, Adyen, and GitHub.
- The acquisition is particularly timely, as companies struggle to measure ROI on AI tool investments and understand if their growing AI budgets are being spent effectively. DX can help track how these tools impact developer productivity.
- 90% of DX’s customers already use Atlassian tools, making this a natural integration that creates an end-to-end workflow.
- Teams can identify bottlenecks with DX analytics then use Atlassian’s project management tools to address them.
- Despite serving major enterprises and tripling their customer base annually, DX raised less than $5 million in venture funding. This bootstrapped approach aligned with Atlassian’s own growth philosophy.
04:30 📢 Justin – “I use DX, I actually really like DX, so I’m hoping Atlassian doesn’t F it up.”
AWS
06:51 Qwen models are now available in Amazon Bedrock | AWS News Blog
- Amazon Bedrock adds four Qwen3 models from Alibaba, including mixture-of-experts (MoE) and dense architectures, with the largest Qwen3-Coder-480B having 480B total parameters but only activating 35B per request for efficient inference.
- The models introduce hybrid thinking modes that allow developers to choose between step-by-step reasoning for complex problems or fast responses for simpler tasks, helping balance performance and cost trade-offs.
- Qwen3-Coder models support up to 256K tokens natively (1M with extrapolation), enabling repository-scale code analysis and long-context processing without chunking, while maintaining strong performance on coding benchmarks.
- All models are available as fully managed serverless offerings across multiple regions with no infrastructure setup required, and Amazon Bedrock automatically enables access for all AWS accounts starting October 2025.
- Key use cases include agentic workflows with built-in tool calling capabilities, code generation across entire repositories, and cost-optimized deployments using the smaller Qwen3-32B dense model for edge computing scenarios.
07:22 DeepSeek-V3.1 model now available in Amazon Bedrock | AWS News Blog
- DeepSeek-V3.1 is now available in Amazon Bedrock as a fully managed foundation model that switches between thinking mode for step-by-step reasoning and non-thinking mode for faster direct answers, with AWS being the first cloud provider to offer DeepSeek models in a serverless deployment.
- The model delivers improved performance in code generation, debugging, and software engineering workflows while supporting over 100 languages with near-native proficiency, making it suitable for global enterprise applications and multilingual customer service implementations.
- Key technical capabilities include enhanced tool calling through post-training optimization, structured tool usage for agentic workflows, and integration with Amazon Bedrock Guardrails for implementing custom safeguards and responsible AI policies.
- Available in 5 AWS regions (US West Oregon, Asia Pacific Tokyo/Mumbai, Europe London/Stockholm) with support for both InvokeModel and Converse APIs, allowing developers to toggle between reasoning modes based on use case requirements.
- AWS is simplifying model access by automatically enabling all serverless foundation models for every AWS account starting October 2025, eliminating manual activation while maintaining IAM and SCP controls for administrators to restrict access as needed.
08:00 📢 Justin – “I’m still skeptical about DeepSeek; because it sounded like it was derivative of ChatGPT, so I don’t really know what you’re getting out of it, other than it’s something cheaper.”
08:34 Amazon RDS for MySQL announces Innovation Release 9.4 in Amazon RDS Database Preview Environment
- Amazon RDS now offers MySQL Innovation Release 9.4 in its Database Preview Environment, giving customers early access to the latest MySQL features including bug fixes, security patches, and new capabilities before general availability.
- The Preview Environment provides a fully managed database experience for testing MySQL 9.4 with both Single-AZ and Multi-AZ deployments on latest generation instances, though databases are automatically deleted after 60 days.
- MySQL Innovation Releases follow a different support model than LTS versions – Innovation releases are only supported until the next minor release while LTS versions like MySQL 8.0 and 8.4 receive up to 8 years of community support.
- Preview Environment instances are priced the same as production RDS instances in US East (Ohio), the only Region where the Preview Environment is offered, so testing costs the same as running an equivalent production instance; it is not free.
- This preview capability allows database teams to validate application compatibility and performance with MySQL 9.4 features in a production-like environment without risking their main workloads.
- https://dev.mysql.com/blog-archive/introducing-mysql-innovation-and-long-term-support-lts-versions/
- Please: DO NOT use this for production!
09:45 📢 Ryan – “My experience with database upgrades is the opposite. No matter how much preview is offered in time and enticement, you’ll still have to kick everyone off the older version kicking and screaming.”
11:50 AWS Organizations supports full IAM policy language for service control policies (SCPs)
- AWS Organizations now supports the full IAM policy language for Service Control Policies (SCPs), enabling conditions, individual resource ARNs, and NotAction elements with Allow statements – bringing SCPs to feature parity with IAM managed policies.
- This enhancement allows organizations to create more precise permission guardrails, such as restricting access to specific S3 buckets or EC2 instances across all accounts using condition statements, rather than blanket service-level restrictions.
- Wildcards at the beginning or middle of Action strings (for example `s3:Put*Policy`), plus the NotResource element, enable more flexible policy patterns and reduce the number of SCPs needed to express one complex guardrail.
- Existing SCPs remain fully compatible with no migration required, making this a zero-friction upgrade that immediately benefits organizations using AWS Organizations for multi-account governance.
- The feature is available in all commercial and GovCloud regions at no additional cost, strengthening AWS Organizations’ position as the primary tool for enterprise-wide security governance.
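An added example, not AWS code, that ties together the Bedrock auto-enablement note above (restrict model access with SCPs) and the full-policy-language change. The SCP is hypothetical: the account ID, the BreakGlass role, the bucket name, the approved model provider prefixes and the model IDs used in the checks are all placeholders. The evaluator is a small model of the IAM decision logic (an explicit Deny wins, otherwise an Allow statement must match, otherwise implicit deny), enough to show how NotAction with Allow, NotResource, a mid-string Action wildcard and a StringNotEquals condition each change the outcome; it implements only those operators and is not a substitute for the IAM policy simulator or IAM Access Analyzer.

```python
"""Evaluate requests against an SCP that uses the newly supported features.

Added example, not AWS code. Account ID, role, bucket and model ARN prefixes
are placeholders. Only '*'/'?' wildcards and StringEquals/StringNotEquals
conditions are modelled.
"""
import fnmatch
import json

SCP = json.loads(r"""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAllExceptAccountLevelChanges",
      "Effect": "Allow",
      "NotAction": ["account:*", "organizations:LeaveOrganization"],
      "Resource": "*"
    },
    {
      "Sid": "DenyBedrockModelsOutsideApprovedProviders",
      "Effect": "Deny",
      "Action": "bedrock:Invoke*",
      "NotResource": [
        "arn:aws:bedrock:*::foundation-model/anthropic.*",
        "arn:aws:bedrock:*::foundation-model/qwen.*"
      ]
    },
    {
      "Sid": "ProtectAuditLogBucketUnlessBreakGlass",
      "Effect": "Deny",
      "Action": ["s3:Delete*", "s3:Put*Policy"],
      "Resource": ["arn:aws:s3:::prod-audit-logs", "arn:aws:s3:::prod-audit-logs/*"],
      "Condition": {
        "StringNotEquals": {"aws:PrincipalArn": "arn:aws:iam::111122223333:role/BreakGlass"}
      }
    }
  ]
}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob(pattern, value):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    return fnmatch.fnmatchcase(value, pattern)


def _action_matches(stmt, action):
    # Action names are case-insensitive; SCPs now accept wildcards anywhere in them.
    if "Action" in stmt:
        return any(_glob(p.lower(), action.lower()) for p in _as_list(stmt["Action"]))
    return not any(_glob(p.lower(), action.lower()) for p in _as_list(stmt["NotAction"]))


def _resource_matches(stmt, resource):
    if "Resource" in stmt:
        return any(_glob(p, resource) for p in _as_list(stmt["Resource"]))
    return not any(_glob(p, resource) for p in _as_list(stmt["NotResource"]))


def _condition_matches(stmt, context):
    for operator, block in stmt.get("Condition", {}).items():
        for key, expected in block.items():
            actual = context.get(key)
            if operator == "StringEquals":
                if actual not in _as_list(expected):   # missing key -> condition is false
                    return False
            elif operator == "StringNotEquals":
                if actual in _as_list(expected):       # missing key -> condition is true
                    return False
            else:
                raise NotImplementedError(f"condition operator {operator} not modelled")
    return True


def evaluate(policy, action, resource, context=None):
    """Return (decision, matching statement Sids) for one request."""
    context = context or {}
    matched = [s for s in policy["Statement"]
               if _action_matches(s, action) and _resource_matches(s, resource)
               and _condition_matches(s, context)]
    denies = [s["Sid"] for s in matched if s["Effect"] == "Deny"]
    if denies:
        return "DENY", denies
    allows = [s["Sid"] for s in matched if s["Effect"] == "Allow"]
    if allows:
        return "ALLOW", allows
    return "IMPLICIT_DENY", []


if __name__ == "__main__":
    dev = {"aws:PrincipalArn": "arn:aws:iam::111122223333:role/Developer"}
    for action, resource in [
        ("bedrock:InvokeModel", "arn:aws:bedrock:us-west-2::foundation-model/qwen.qwen3-32b-v1:0"),
        ("bedrock:InvokeModel", "arn:aws:bedrock:us-west-2::foundation-model/deepseek.v3-v1:0"),
        ("s3:PutBucketPolicy", "arn:aws:s3:::prod-audit-logs"),
        ("account:CloseAccount", "*"),
    ]:
        print(f"{action:22} {evaluate(SCP, action, resource, dev)[0]}")
```

Two things the toy evaluator cannot tell you: an SCP never grants anything by itself (the principal's identity policy must still allow the action), and the NotResource deny as written also blocks invocations through cross-region inference profiles, whose ARNs are not foundation-model ARNs, so those would have to be added to NotResource if the organization uses them.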
12:43 📢 Ryan – “They actually had the stones to say zero friction and SCP in the same article, huh?”
14:11 Amazon Q Developer CLI announces support for remote MCP servers
- Amazon Q Developer CLI now supports remote Model Context Protocol (MCP) servers, enabling centralized tool management with HTTP transport and OAuth authentication for services like Atlassian and GitHub.
- This moves MCP server execution, and the credentials those servers hold, off individual laptops onto centrally managed servers, so the team decides which tools exist and who may call them instead of every developer configuring and authenticating local servers on their own.
- Remote MCP servers allow Q Developer CLI to query available tools from external services after authentication, making third-party integrations more scalable across development organizations.
- Configuration requires specifying HTTP transport type, authentication URL, and optional headers in either custom agent configuration or mcp.json files.
- The feature is available in both Q Developer CLI and IDE plugins, expanding the ways developers can leverage centralized tool management in their existing workflows.
15:18 📢 Justin – “I think having it centralized is ideal, especially from a security and access control perspective. It’s a bit of a problem when these MCPS are running on everyone’s laptops – because that means they may not be consistent, they may not all follow all the same permissions models you need them to, or different access rights…so there’s lots of reasons why you’d like to have a remote MCP.”
15:54 Accelerate AI agent development with the Nova Act IDE extension
- AWS launches Nova Act extension, a free IDE plugin for VS Code, Cursor, and Kiro that enables developers to build browser automation agents using natural language prompts and the Nova Act model without switching between coding and testing environments.
- The extension features a notebook-style builder mode that breaks automation scripts into modular cells for individual testing, plus integrated debugging with live browser preview and execution logs for complex multi-step workflows.
- Developers can generate automation scripts through natural language chat or use predefined templates for common tasks like shopping automation, data extraction, QA testing, and form filling, then customize with APIs and authentication.
- Built on the open-source Nova Act SDK (Apache 2.0 license), the extension provides a complete agent development lifecycle within the IDE – from prototyping with natural language to production-grade script validation.
- This positions AWS deeper into the AI agent development space, competing with standalone automation tools by integrating agent creation directly into developer workflows at no additional cost beyond Nova Act API usage.
17:39 📢 Ryan – “I get why this is more than just a model, right? This is a specific workflow for development, and there’s clearly extensions and features in here that are above and beyond what’s in Kiro and Q, presumably, but they’d have to be really good.”
GCP
18:07 New GCE and GKE dashboards strengthen security posture
- Google embeds Security Command Center insights directly into GCE and GKE consoles, providing security dashboards that surface misconfigurations, vulnerabilities, and active threats without requiring separate security tools or interfaces.
- The GCE dashboard displays top security findings, vulnerability trends over time, and CVE prioritization powered by Google Threat Intelligence and Mandiant analysis, helping teams identify which VMs to patch first based on exploitability and impact.
- GKE’s security dashboard focuses on workload configurations, container threats like cryptomining and privilege escalation, and software vulnerabilities specific to Kubernetes environments, addressing common container security blind spots.
- While basic security findings are included free, accessing vulnerability and threat widgets requires Security Command Center Premium with a 30-day trial available, positioning this as a value-add upsell for existing GCP customers.
- This integration approach differs from AWS and Azure which typically require navigating to separate security services, potentially reducing context switching for infrastructure teams managing day-to-day operations.
18:58 📢 Ryan – “I got to play around with this and it’s really cool. I love getting that security information front and center for developers and the people actually using the platform. You know, as, as a security professional, we have all this information that’s devoid of context, and, if you’re lucky, you know enough to build a detection and be able to query a workflow. It’s going to just fire off a ticket that no one’s going to look at. And so this is, I think, putting it right in the console, I think that some people – not everyone – will take the initiative and be like, this is very red. I should make it not so red.”
20:53 Firestore support and custom tools in MCP Toolbox
- Google expands MCP Toolbox to support Firestore, enabling developers to connect AI assistants directly to their NoSQL databases through natural language commands for querying, updating documents, and validating security rules.
- The integration allows developers to perform database operations without writing code – for example, asking an AI assistant to “find all users whose wishlists contain discontinued product IDs” or “remove specific items from multiple user documents” directly from their IDE or CLI.
- This is Google’s implementation of Anthropic’s open Model Context Protocol, giving AI systems a standard way to reach enterprise data sources; AWS and Microsoft publish their own MCP servers for their database services, so this is the Firestore equivalent rather than a unique capability.
- The Firestore tools support document retrieval, collection queries, document updates, and security rule validation, addressing common developer pain points like debugging data issues and testing access controls before deployment.
- Web and mobile app developers building on Firestore can now complete tasks that previously required manual console navigation or custom scripts in minutes through conversational AI, particularly useful for e-commerce, social apps, and any application with complex document structures.
21:46 📢 Ryan – “As someone who never wants to write SQL queries ever again, I love these types of things. This is exactly how I want to interact with a database.”
23:17 How are developers using AI? Inside Google’s 2025 DORA report
- Google’s 2025 DORA report shows AI adoption among software developers has reached 90%, up 14 points from last year, with developers spending a median of 2 hours daily using AI tools for development tasks.
- Despite 80% of developers reporting productivity gains and 59% seeing improved code quality, a trust paradox exists where 30% trust AI “a little” or “not at all”, suggesting AI serves as a supportive tool rather than replacing human judgment.
- The report identifies seven team archetypes from “Harmonious high-achievers” to “Legacy bottleneck” teams, revealing that AI acts as both a mirror and multiplier – amplifying efficiency in cohesive organizations while exposing weaknesses in fragmented ones.
- Google introduces the DORA AI Capabilities Model, a blueprint of seven essential capabilities combining technical and cultural factors needed for successful AI adoption in software development organizations.
- While AI adoption now correlates with higher software delivery throughput (reversing last year’s findings), organizations still face challenges ensuring software quality before delivery, indicating adoption alone doesn’t guarantee success.
- HBR Article Justin and Ryan mentioned: https://hbr.org/2025/09/ai-generated-workslop-is-destroying-productivity
Azure
31:25 Microsoft’s Entra ID vulnerabilities could have been catastrophic
- Security researcher Dirk-jan Mollema discovered two critical vulnerabilities in Microsoft’s Entra ID (formerly Azure Active Directory) that could have allowed attackers to gain global administrator privileges across all Azure customer tenants worldwide, potentially compromising every organization’s user identities, access controls, and subscription management tools.
- The vulnerabilities enabled an attacker with just a test or trial tenant to request tokens that could impersonate any user in any other tenant, allowing them to modify configurations, create admin users, and essentially achieve complete control over customer environments – a scenario that represents one of the most severe cloud security risks possible.
- Microsoft fixed the flaws following Mollema’s responsible disclosure, before the details were published, but the incident highlights the concentration risk of a centralized cloud identity system: one vulnerability in the provider’s token validation can expose every tenant at once, which has no equivalent in an isolated on-premises Active Directory forest.
- This discovery underscores why organizations need defense-in-depth strategies even when using major cloud providers, including monitoring for unusual administrative actions, implementing conditional access policies, and maintaining incident response plans that account for potential cloud provider compromises.
- For Azure customers, this serves as a reminder to review Entra ID security configurations, enable all available security features like Privileged Identity Management, and ensure proper logging and alerting are configured to detect potential unauthorized access attempts or configuration changes.
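An added example, not code from the post or from Microsoft, of the “monitor for unusual administrative actions” advice above: a detector that walks Entra ID audit events and flags privileged role assignments made by an initiator who is not on a privileged-admin allowlist, or who has no successful sign-in in the preceding hour. The second check matters because an attacker impersonating a user appears in the audit log as that user, so an allowlist alone cannot catch it. The records are constructed for the demo; their field names follow Microsoft Graph’s directoryAudit and signIn resources, and the role set, allowlist and 60-minute window are assumptions about policy, not Microsoft guidance. In production the same logic runs over the AuditLogs and SigninLogs tables in Log Analytics.

```python
"""Flag privileged role assignments in Entra ID audit logs.

Added example, not Microsoft code. The events are constructed; field names
follow Microsoft Graph directoryAudit / signIn resources. The role set,
allowlist and 60-minute window are assumed policy, not Microsoft guidance.
"""
import json
from datetime import datetime, timedelta

PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator",
                    "Privileged Authentication Administrator"}
ROLE_ASSIGNMENT_ACTIVITIES = {"Add member to role", "Add eligible member to role"}


def _role_event(when, initiator, target, role, activity="Add member to role"):
    # Graph stores Role.DisplayName's newValue as a JSON-encoded string.
    return {"activityDateTime": when, "activityDisplayName": activity,
            "category": "RoleManagement",
            "initiatedBy": {"user": {"userPrincipalName": initiator}},
            "targetResources": [{"userPrincipalName": target, "modifiedProperties": [
                {"displayName": "Role.DisplayName", "newValue": json.dumps(role)}]}]}


# Constructed sample data: a routine assignment, a non-privileged role, an
# allowlisted admin with no sign-in behind the action, a non-allowlisted
# initiator, and one unrelated event.
AUDIT_EVENTS = [
    _role_event("2025-09-18T09:07:00Z", "alice.admin@contoso.example", "bob@contoso.example",
                "Global Administrator"),
    _role_event("2025-09-18T09:10:00Z", "alice.admin@contoso.example", "eve@contoso.example",
                "Helpdesk Administrator"),
    _role_event("2025-09-18T13:42:00Z", "carol.admin@contoso.example", "mallory@contoso.example",
                "Privileged Role Administrator"),
    _role_event("2025-09-18T15:05:00Z", "dave@contoso.example", "dave@contoso.example",
                "Global Administrator", "Add eligible member to role"),
    {"activityDateTime": "2025-09-18T15:06:00Z", "activityDisplayName": "Update user",
     "category": "UserManagement",
     "initiatedBy": {"user": {"userPrincipalName": "alice.admin@contoso.example"}},
     "targetResources": []},
]
SIGNIN_EVENTS = [
    {"createdDateTime": "2025-09-18T09:00:00Z", "userPrincipalName": "alice.admin@contoso.example",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-09-18T13:40:00Z", "userPrincipalName": "carol.admin@contoso.example",
     "status": {"errorCode": 50126}},   # failed sign-in (wrong password)
    {"createdDateTime": "2025-09-18T15:01:00Z", "userPrincipalName": "dave@contoso.example",
     "status": {"errorCode": 0}},
]
ALLOWLIST = ["alice.admin@contoso.example", "carol.admin@contoso.example"]


def _ts(value):
    # Graph timestamps end in 'Z'; fromisoformat on older Pythons rejects it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _initiator(event):
    by = event.get("initiatedBy") or {}
    if by.get("user"):
        return by["user"].get("userPrincipalName", "<unknown-user>")
    if by.get("app"):
        return "app:" + by["app"].get("displayName", "<unknown-app>")
    return "<unknown>"


def _roles_assigned(event):
    roles = set()
    for target in event.get("targetResources", []):
        for prop in target.get("modifiedProperties", []):
            if prop.get("displayName") == "Role.DisplayName" and prop.get("newValue"):
                roles.add(json.loads(prop["newValue"]))
    return roles


def _signed_in_recently(signins, upn, when, window):
    for s in signins:
        if s.get("userPrincipalName", "").lower() != upn.lower():
            continue
        if s.get("status", {}).get("errorCode", 0) != 0:
            continue   # failed sign-ins do not establish a session
        if timedelta(0) <= when - _ts(s["createdDateTime"]) <= window:
            return True
    return False


def find_suspicious_role_changes(audit_events, signin_events, allowlist, window_minutes=60):
    """Return privileged role assignments that fail the allowlist or sign-in check."""
    window = timedelta(minutes=window_minutes)
    allowed = {u.lower() for u in allowlist}
    findings = []
    for ev in audit_events:
        if ev.get("activityDisplayName") not in ROLE_ASSIGNMENT_ACTIVITIES:
            continue
        roles = _roles_assigned(ev) & PRIVILEGED_ROLES
        if not roles:
            continue
        who, when = _initiator(ev), _ts(ev["activityDateTime"])
        reasons = []
        if who.lower() not in allowed:
            reasons.append("initiator not in privileged-admin allowlist")
        if not who.startswith("app:") and not _signed_in_recently(signin_events, who, when, window):
            reasons.append(f"no successful sign-in by initiator in the previous {window_minutes} min")
        if reasons:
            findings.append({"time": ev["activityDateTime"], "initiator": who,
                             "targets": [t.get("userPrincipalName") for t in ev["targetResources"]],
                             "roles": sorted(roles), "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(json.dumps(find_suspicious_role_changes(AUDIT_EVENTS, SIGNIN_EVENTS, ALLOWLIST), indent=2))
```

Running the block reports two findings: carol.admin’s Privileged Role Administrator grant (allowlisted, but no successful sign-in behind it) and dave’s self-assignment of Global Administrator eligibility (not allowlisted). Treat the sign-in correlation as a heuristic to be tuned: service principals are skipped here because their activity lives in a separate sign-in log, and a long-lived session can legitimately exceed the window.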
32:52 📢 Matt – “We had a problem. We fixed the problem. Buy more stuff from us so you don’t have any problems in the future.”
36:56 Inside the world’s most powerful AI datacenter – The Official Microsoft Blog
- Microsoft unveiled Fairwater in Wisconsin, a 315-acre AI datacenter with 1.2 million square feet that operates as a single supercomputer using NVIDIA GB200 servers with 72 GPUs per rack delivering 865,000 tokens per second, which Microsoft claims is 10x the performance of today’s fastest supercomputer.
- The facility uses closed-loop liquid cooling with zero operational water waste and a two-story building layout that places racks closer together to shorten cable runs and minimize latency, while Azure’s reengineered storage can handle over 2 million read/write transactions per second per account with exabyte-scale capacity.
- Microsoft is building identical Fairwater datacenters across the US and partnering with nScale for facilities in Norway and the UK, all interconnected via AI WAN to create a distributed supercomputer network that pools compute resources across regions.
- This infrastructure specifically targets OpenAI, Microsoft AI, and Copilot workloads; Microsoft says Azure was the first cloud to run NVIDIA GB200 at datacenter scale, though AWS and Google Cloud now offer GB200-based instances as well.
- The investment represents tens of billions of dollars and positions Microsoft to offer frontier AI training capabilities that smaller cloud providers can’t match, though pricing details weren’t disclosed and will likely command premium rates given the specialized hardware.
40:17 Introducing new update policy for Azure SQL Managed Instance | Microsoft Community Hub
- Azure SQL Managed Instance now offers three update policy options: Always-up-to-date for immediate access to new SQL engine features, SQL Server 2022 for fixed feature sets matching on-premises versions, and the new SQL Server 2025 policy (preview) that provides database portability while including recent innovations like vector data types and JSON functions.
- The SQL Server 2025 policy bridges the gap between cloud innovation and enterprise requirements for regulatory compliance or contractual obligations, allowing organizations to maintain compatibility with on-premises SQL Server 2025 while benefiting from managed service capabilities.
- Key technical additions in the 2025 policy include optimized locking for better concurrency, native vector data type support for AI workloads, regular expression functions, JSON data type with aggregate functions, and the ability to invoke HTTP REST endpoints directly from T-SQL.
- This positions Azure SQL Managed Instance competitively against AWS RDS and Google Cloud SQL by offering more granular control over feature adoption timelines and addressing enterprise concerns about database portability, whereas RDS ties new engine features to engine version upgrades.
- Organizations on the SQL Server 2022 policy should plan their move before SQL Server 2022 mainstream support ends in January 2028, as instances will automatically upgrade to a newer policy at end of support, making this particularly relevant for enterprises with strict change management requirements.
41:54 📢 Matt – “This is different, because Azure is complicated – because Azure. You have Azure SQL, which is RDS, it’s fully managed. You have Azure Managed Instances, or Azure SQL managed instances, which is SQL on a server. You have access to the server, but they give you extra visibility and everything else into the SQL on that box, and can do the upgrades and stuff.”
43:19 Fast, Secure Kubernetes with AKS Automatic | Microsoft Azure Blog
- AKS Automatic delivers production-ready Kubernetes clusters with one-click deployment, removing manual configuration of node pools, networking, and security settings while maintaining full Kubernetes API compatibility and CNCF conformance.
- The service includes automated scaling via Karpenter for nodes and built-in HPA/VPA/KEDA for pods, plus automatic patching, Azure Monitor integration, and Microsoft Entra ID authentication configured by default.
- Microsoft positions this as competing with GKE Autopilot and EKS Auto Mode by offering a fully managed experience while preserving Kubernetes extensibility, targeting both startups without dedicated DevOps teams and enterprises seeking standardized deployments.
- Key differentiators include Azure Linux nodes by default, GPU support for AI workloads, and integration with Azure’s broader platform services, though pricing details aren’t specified beyond the “Automatic” tier selection during cluster creation.
- The service addresses the “Kubernetes tax” by automating day-two operations like upgrades and repairs, allowing teams to deploy directly from GitHub Actions while Azure handles infrastructure management automatically.
44:38 📢 Ryan – “Yeah, in my day job I’m doing a whole bunch of vulnerability reporting on the container structure. I’m like, half of these containers are just the Kubernetes infrastructure! It’s crazy.”
45:19 Generally Available: AKS Automatic
- AKS Automatic removes the operational complexity of Kubernetes by automatically managing cluster configurations, security patches, and infrastructure tuning, allowing teams to focus on application development rather than cluster maintenance.
- This managed approach positions Azure against AWS EKS and Google GKE by offering a more hands-off experience, though specific pricing and feature comparisons aren’t detailed in the announcement.
- Target customers include development teams new to Kubernetes or those with limited DevOps resources who need container orchestration without the steep learning curve and ongoing management overhead.
- The service integrates with existing Azure security and monitoring tools, providing automated security updates and reliability improvements without manual intervention.
- Organizations should evaluate whether the automated management trade-offs align with their control requirements and assess potential cost implications of this convenience layer over standard AKS.
PLUS
AKS Automatic with Azure Linux | Microsoft Community Hub
- AKS Automatic is now GA and simplifies Kubernetes management by automatically handling cluster setup, node management, scaling, security, and networking while running on Azure Linux by default, reducing operational overhead for developers and platform teams.
- Azure Linux provides a minimal attack surface with only essential packages for Kubernetes workloads, passes all CIS Level 1 benchmarks by default (the only AKS-supported distribution to do so), and includes FIPS and FedRAMP compliance certifications.
- Performance improvements include faster cluster creation, upgrades, scaling, deletion, node provisioning, and pod startup due to Azure Linux’s reduced image footprint, with automatic patching that respects maintenance schedules and undergoes rigorous testing.
- This positions Microsoft to compete with AWS EKS and GCP GKE by offering a more automated Kubernetes experience with end-to-end support for the entire stack, targeting organizations that want Kubernetes benefits without the operational complexity.
- The service comes preconfigured with monitoring, scaling, security, and networking tools, supports all current and future AKS extensions and add-ons, and enables deployment from container image to production-ready application within minutes.
45:45 Public Preview: Databricks One in Azure Databricks
- Databricks One is a simplified, business-user-facing experience in Azure Databricks: a single entry point for AI/BI dashboards, Genie natural-language data spaces, and Databricks Apps that hides the engineering workspace (notebooks, clusters, jobs) from non-technical users.
- Access still flows through Unity Catalog, so the same governance and permissions that apply in the full workspace apply here, which is what lets enterprises open data to business users without maintaining a separate permission model.
- This gives Azure Databricks a consumption layer for business users comparable to what AWS (QuickSight) and GCP (Looker) bolt on to their data platforms, without sending users to a separate BI product.
- Target customers are business users and analysts who need answers from governed data without learning the workspace, and platform teams that want to offer that without building their own front end.
- While pricing details aren’t provided in the preview announcement, consolidation typically reduces operational overhead but may increase platform lock-in considerations for organizations evaluating multi-cloud strategies.
46:42 📢 Justin – “So if you didn’t want this, you are going to get it forced on you at some point.”
47:15 Public Preview: Azure HBv5-series VMs
- Azure HBv5-series VMs launch in preview in the South Central US region, targeting memory bandwidth-intensive HPC workloads like computational fluid dynamics, automotive simulations, and weather modeling that require extreme memory throughput performance.
- These VMs are Microsoft’s latest push into specialized HPC infrastructure, competing with the HPC-specific families on other clouds (AWS Hpc7a, GCP H3) rather than general memory-optimized instances, for scientific computing and engineering simulation workloads.
- HBv5 pairs custom AMD EPYC 9V64H processors with on-package HBM3 memory, which is where the memory-bandwidth advantage over DDR5-based HPC instances comes from; the preview note itself lists no figures, so check the HBv5-series documentation for sizes and bandwidth.
- Target customers include automotive manufacturers running crash simulations, aerospace companies modeling aerodynamics, and meteorological organizations processing weather prediction models that bottleneck on memory bandwidth rather than compute.
- Preview availability in a single region suggests Microsoft is testing performance and gathering feedback before broader deployment, with pricing details expected once general availability is announced.
49:56 Public Preview: Azure Functions .NET 10 support
- Azure Functions adds .NET 10 support in public preview, allowing developers to leverage the latest .NET runtime improvements including better performance and reduced memory usage in their serverless applications.
- The upgrade requires updating the target framework and Microsoft.Azure.Functions.Worker.Sdk to version 2.0.5 or later, providing a straightforward migration path for existing .NET Functions projects.
- This keeps Azure Functions ahead of AWS Lambda, whose managed runtime tops out at .NET 8 (newer versions need a custom runtime or container image), and Google Cloud Run functions, which also stops at .NET 8, giving Azure a temporary head start for .NET developers.
- Enterprise customers running .NET workloads can now standardize on .NET 10 across their entire Azure stack, from App Service to Functions, simplifying dependency management and security patching.
- The preview status suggests general availability around the .NET 10 release in November 2025, in line with the usual November .NET cadence, giving organizations time to test compatibility with their existing code before production deployment.
51:00 📢 Ryan – “I’m just happy to see .NET running in serverless workloads.”
Show note editor Heather adds “This is a NO time of the day research thing.”
53:30 Generally Available: High Scale mode for Azure Monitor – Container Insights
- Azure Monitor Container Insights now offers High Scale mode in general availability, enabling higher log collection throughput for Azure Kubernetes Service clusters that generate substantial logging volumes.
- This addresses a common pain point for enterprises running large-scale AKS deployments where standard Container Insights might struggle with log ingestion rates during peak loads or debugging scenarios.
- The feature positions Azure competitively against AWS CloudWatch Container Insights and GCP’s Operations suite, particularly for organizations requiring robust observability at scale without custom log aggregation solutions.
- Target customers include enterprises with high-transaction microservices architectures, financial services running real-time processing, and any AKS workloads generating logs beyond standard collection limits.
- While Microsoft hasn’t detailed specific pricing changes, customers should evaluate whether the improved throughput justifies potential increased costs from higher log ingestion and storage volumes.
54:17 📢 Matt – “The same thing as CloudWatch, it’s so expensive to take logs into any of these platforms, but you gotta get them somewhere. So you kind of just are stuck paying for it.”
54:49 Generally Available: Confidential computing for Azure Database for PostgreSQL flexible server
- Azure Database for PostgreSQL flexible server now supports confidential computing: the server runs inside a hardware-based trusted execution environment (TEE), so data stays encrypted in memory while it is being processed and is shielded from the host operating system, the hypervisor and the cloud operator’s administrators, not just at rest and in transit.
- This answers AWS Nitro Enclaves and Google Cloud Confidential Computing for regulated industries like healthcare and finance, where remote attestation lets a customer cryptographically verify the environment their database is running in.
- The TEE is delivered as a confidential VM on Azure’s confidential-computing hardware; expect some performance overhead relative to a standard SKU and verify that the PostgreSQL extensions you depend on are supported, since the announcement gives no figures for either.
- Primary use cases include multi-tenant SaaS applications processing sensitive customer data, compliance with data residency requirements, and organizations needing to demonstrate zero-trust security models to auditors.
- Confidential SKUs are priced at a premium over the equivalent standard compute, so the feature makes sense for high-value workloads rather than general-purpose databases; check the pricing page for the exact difference.
57:11 Announcing the Azure Database Migration Service Hub Experience | Microsoft Community Hub
- Azure Database Migration Service Hub provides a centralized dashboard for discovering, assessing, and tracking SQL Server migrations to Azure, addressing the complexity of managing multiple migration projects across enterprise environments.
- The service automatically discovers SQL Servers in your environment and provides readiness assessments, helping organizations prioritize which databases to migrate first based on dependencies and potential blockers.
- Microsoft plans to expand beyond SQL Server to support multi-RDBMS migrations and add real-time migration tracking with status monitoring, error reporting, and completion metrics directly in the dashboard.
- This positions Azure competitively against AWS Database Migration Service and Google Database Migration Service by offering a more integrated assessment phase, though AWS currently supports more source database types out of the box.
- The Hub experience targets enterprises consolidating data centers or modernizing legacy SQL Server deployments, with the dashboard particularly useful for teams managing dozens or hundreds of database migrations simultaneously.
57:57 📢 Ryan – “It’s a great play by Azure. They have a huge advantage in this space and I think there is a desire by a lot of companies to get out of legacy deployments, so it’s smart. Hurry up with the features.”
58:19 Public Preview: Azure Managed Service for Prometheus now includes native Grafana dashboards within the Azure portal
- Azure Managed Service for Prometheus now embeds Grafana dashboards directly in the Azure portal at no additional cost, eliminating the need to manage separate Grafana instances for basic visualization needs.
- This integration reduces operational overhead by providing out-of-the-box dashboards for common Azure services while maintaining compatibility with existing Prometheus query language (PromQL) workflows.
- The feature positions Azure competitively against AWS Managed Service for Prometheus which requires separate Amazon Managed Grafana instances, though GCP’s Cloud Monitoring already offers integrated visualization.
- Target users include DevOps teams and platform engineers who need quick metric visualization without the complexity of managing dedicated Grafana infrastructure, particularly useful for Azure-native workloads.
- While this simplifies basic monitoring scenarios, organizations with complex visualization requirements or multi-cloud deployments will likely still need standalone Grafana instances for advanced customization.
58:54 📢 Justin – “I look forward to the arguments between ‘well the Azure monitoring says this, but the Grafana monitoring says this’ and it’s in the same dashboard.”
1:00:01 Generally Available: At-cost data transfer between Azure and an external endpoint
- Azure now offers at-cost data transfer for customers moving data from Azure to external endpoints via the internet in Europe, eliminating the typical egress fees that can make multi-cloud or hybrid strategies expensive.
- This move directly addresses vendor lock-in concerns by reducing the financial barriers to data portability, making it easier for European customers to adopt multi-cloud architectures or migrate workloads between providers.
- The feature appears limited to European regions and CSP partners initially, suggesting Microsoft is responding to EU regulatory pressure around data sovereignty and cloud provider switching costs.
- Unlike AWS and GCP which still charge standard egress fees for most data transfers, this positions Azure as more open to hybrid and multi-cloud scenarios, though the geographic limitation reduces its competitive impact.
- Enterprise customers running hybrid workloads or needing to regularly sync large datasets between Azure and on-premises systems will see immediate cost benefits, particularly for backup, disaster recovery, and data lake scenarios.
1:01:11 Generally Available: Introducing the new Network Security Hub experience
- Azure Firewall Manager has been rebranded as Network Security Hub, consolidating Azure Firewall, Web Application Firewall (WAF), and DDoS Protection into a single management interface for simplified security operations.
- This centralization addresses a common pain point where customers had to navigate multiple portals to manage different security services, now providing unified policy management and monitoring across network security tools.
- The hub approach aligns Azure more closely with AWS Security Hub’s consolidated view, though Azure’s implementation focuses specifically on network security rather than broader security posture management.
- Primary use cases include enterprises managing complex multi-region deployments who need consistent security policies across Azure Firewall instances, WAF rules, and DDoS protection settings from one location.
- While pricing remains unchanged for the underlying services, the consolidated management experience should reduce operational overhead and the time required to implement and audit security policies across Azure environments.
1:01:51 📢 Matt – “From my preliminary research, it’s just a nice GUI update that they’ve done to kind of make it be a little bit cleaner. It looks like it’s easier to manage some of these things just with Terraform across the way, but, you know, they’re trying to make this be better for companies at a larger scale.”
1:02:32 Fabric September 2025 Feature Summary | Microsoft Fabric Blog | Microsoft Fabric
- Microsoft Fabric’s September 2025 update delivers over 100 new features across data engineering, analytics, and AI workloads, with key additions including general availability of governance APIs, Purview data protection policies, and native support for pandas DataFrames in User Data Functions that leverage Apache Arrow for improved performance.
- The new Fabric MCP (Model Context Protocol) server enables AI-assisted code generation directly within VS Code and GitHub Codespaces, while the open-sourced Fabric CLI and new Extensibility Toolkit allow developers to build custom Fabric items in hours rather than days using Copilot-optimized starter kits.
- Real-time intelligence capabilities expand significantly with Maps visualization for geospatial data, 10x performance boost for Activator (now supporting 10,000 events per second), and direct Azure Monitor Logs integration via Eventstream, positioning Fabric as a comprehensive alternative to standalone analytics platforms.
- Data Factory introduces simplified “pipelines” branding, adds 20+ new connectors including Google BigQuery and Oracle, and enables workspace-level workload assignment, allowing teams to add capabilities without tenant-wide changes while maintaining governance controls.
- Database mirroring extends to Google BigQuery and Oracle with near real-time replication into OneLake, plus VNET and on-premises gateway support for secure connectivity, enabling organizations to unify multi-cloud and hybrid data estates without complex ETL processes.
1:03:30 📢 Justin – “I appreciate all this Fabric stuff; Fabric is Azure’s Q.”
1:04:09 Microsoft tames intense chip heat with liquid cooling veins, designed by AI and inspired by biology – GeekWire
- Microsoft developed AI-designed microfluidic cooling that brings liquid coolant directly inside processors through vein-like channels, enabling servers to run hotter and faster through overclocking while handling spiky workloads like Teams meetings without needing excess idle capacity.
- The cooling system is up to 3x more effective than current cold plates at removing heat from chips’ hottest spots, which can have heat density comparable to the sun’s surface, and Microsoft plans to integrate this into future Azure Cobalt chips and Maia AI accelerators.
- This positions Microsoft to compete more effectively with AWS and Google in AI workloads by reducing the number of servers needed while improving performance, addressing the industry challenge of either overbuilding capacity or risking performance issues during peak demand.
- Microsoft is making this an industry standard through partnerships, potentially enabling future 3D chip stacking architectures where coolant flows between silicon layers – a development that could significantly advance computing capabilities beyond current limitations.
- The company also announced partnerships with Corning and Heraeus for hollow core fiber production to reduce data center latency, and with Stegra for green steel that cuts carbon emissions by 95% in datacenter construction.
1:05:13 📢 Ryan – “Necessity is the mother of all innovation, right? And so this is not only as trying to offset carbon credits, but it’s also all the demand for AI and more compute – and less space and less power and water. So I think it’s neat to see innovations come out of that, and the way they make the sound just makes it seem like sci-fi, which is cool.”
1:06:18 Generally Available: Application Gateway upgrades with no performance impact
- Azure Application Gateway now maintains full capacity during upgrades by automatically provisioning new gateway instances, eliminating the performance degradation that previously occurred during maintenance windows.
- This zero-downtime upgrade capability addresses a common pain point where load balancers would operate at reduced capacity during updates, potentially causing slowdowns for high-traffic applications.
- The feature puts Azure on par with AWS Application Load Balancer and Google Cloud Load Balancing, both of which have offered hitless upgrades for several years.
- Enterprise customers running mission-critical workloads will benefit most, as they no longer need to schedule maintenance windows or over-provision capacity to handle upgrade periods.
- While the announcement doesn’t specify additional costs, the automatic provisioning of temporary instances during upgrades may result in brief periods of increased compute charges.
1:07:10 📢 Matt – “About two years ago they added the feature called Max Surge, which is when you have a scale set, you add a node and then you delete it. So here, they are adding their app gateways; so essentially if you have 10, you would go to 11 and then you would remove one of the original ones. And they essentially are just leveraging that as part of the app gateways… But if you’re also auto scaling, which if you have the app that can handle that, you don’t control your nodes. So you would just lose capacity at one point. So it’s one of those quality of life improvements.”
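The surge-then-retire mechanic discussed above (go from 10 to 11, then remove one of the originals) is the same idea as a Kubernetes-style rolling update with `maxSurge` and `maxUnavailable`. The planner below is an added example, not code from Microsoft or from the show; it assumes generic maxSurge/maxUnavailable semantics rather than Azure’s actual Application Gateway implementation, and is useful for checking, before an upgrade, whether a given strategy ever drops serving capacity below what you provisioned.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class UpgradeStep:
    serving: int   # instances serving traffic after this step (old + new)
    upgraded: int  # instances already running the new version


def plan_rolling_upgrade(desired: int, max_surge: int, max_unavailable: int) -> list[UpgradeStep]:
    """Simulate a rolling upgrade of `desired` instances.

    Assumed semantics (Kubernetes-style, not Azure's actual implementation):
    - at most desired + max_surge instances may exist at once
    - at least desired - max_unavailable instances must be serving at all times
    Each iteration first scales new instances up as far as the surge budget
    allows, then retires old instances as far as the availability floor allows.
    """
    if desired <= 0 or max_surge < 0 or max_unavailable < 0:
        raise ValueError("desired must be > 0; surge/unavailable must be >= 0")
    if max_surge == 0 and max_unavailable == 0:
        raise ValueError("rollout cannot make progress with no surge and no unavailability")

    old, new = desired, 0
    steps = [UpgradeStep(serving=old + new, upgraded=new)]
    floor = desired - max_unavailable  # minimum number that must keep serving

    while old > 0 or new < desired:
        # Bring up new instances, bounded by remaining surge room and remaining need.
        add = min(desired + max_surge - (old + new), desired - new)
        if add > 0:
            new += add
            steps.append(UpgradeStep(serving=old + new, upgraded=new))

        # Retire old instances, but never dip below the availability floor.
        remove = min(old, (old + new) - floor)
        if remove > 0:
            old -= remove
            steps.append(UpgradeStep(serving=old + new, upgraded=new))

        if add <= 0 and remove <= 0:
            raise RuntimeError("rollout stalled; this should be unreachable after validation")

    return steps


def min_serving_capacity(steps: list[UpgradeStep]) -> int:
    """Lowest number of serving instances observed at any point in the rollout."""
    return min(step.serving for step in steps)


if __name__ == "__main__":
    for label, surge, unavailable in (("surge-first (10 -> 11 -> 10)", 1, 0),
                                      ("in-place (10 -> 9 -> 10)", 0, 1)):
        plan = plan_rolling_upgrade(desired=10, max_surge=surge, max_unavailable=unavailable)
        print(f"{label}: {len(plan)} steps, minimum serving capacity {min_serving_capacity(plan)}")
```

With `max_surge=1, max_unavailable=0` the fleet never serves fewer than the 10 instances provisioned, which is the behaviour the announcement promises; with `max_surge=0, max_unavailable=1` it briefly serves 9, which is the capacity loss Matt describes when instances are replaced in place.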
Oracle
1:08:27 Oracle Sets The Standard In Enterprise AI
- Oracle announced comprehensive AI capabilities across its cloud platform, positioning itself as the enterprise AI standard with integrated solutions spanning infrastructure to applications.
- Oracle’s AI strategy centers on three pillars: AI infrastructure with NVIDIA GPUs and OCI Supercluster, embedded AI in all SaaS applications, and custom AI development tools – a vertical integration play that AWS and Azure don’t match but may lock customers deeper into Oracle’s ecosystem.
- The company claims 50+ AI features across Oracle Cloud Application including supply chain optimization and financial forecasting, though specific performance metrics or customer adoption rates weren’t disclosed, making it difficult to assess real-world impact versus marketing.
- OCI Data Science platform now includes automated ML capabilities and pre-built models for common enterprise tasks, competing directly with AWS SageMaker and Azure ML but arriving years later to market with unclear differentiation beyond Oracle database integration.
- Oracle emphasizes “responsible AI” with built-in governance and explainability features, addressing enterprise concerns about AI transparency – though implementation details and how this compares to competitors’ AI governance tools remain vague.
- The integrated approach from infrastructure to applications could simplify AI adoption for existing Oracle customers, but may struggle to attract new enterprises already invested in hyperscaler AI platforms unless pricing is significantly competitive.
1:09:42 📢 Justin – “The best thing about this article is they basically imply that they invented AI.”
After Show
1:21:40 Prompt Engineering Is Requirements Engineering – O’Reilly
- Prompt engineering is fundamentally requirements engineering applied to AI interactions – the same communication challenges that have plagued software development since the 1960s NATO conference now appear when working with AI models to generate code or solutions.
- Context engineering emerges as a critical skill for cloud developers using AI tools – determining what information to include in prompts (surrounding code, test inputs, design constraints) directly impacts output quality, similar to how requirements scope has always affected project success.
- The shift from static documentation to iterative refinement mirrors Agile’s evolution – just as user stories replaced heavyweight specifications, prompt engineering requires continuous conversation with AI rather than single-shot commands, though AI won’t ask clarifying questions like human teammates.
- Cloud-based AI services amplify traditional requirements failures – when AI generates code directly from natural language without the structured syntax guardrails, small variations in problem framing can produce significantly different outputs that look plausible but fail in practice.
- Organizations falling into the “prompt library trap” repeat 1990s template mistakes – standardized prompts can’t replace the core skill of understanding and communicating intent, just as perfect requirements templates never guaranteed successful software delivery.
Closing
And that is the week in the cloud! Visit our website, the home of the Cloud Pod, where you can join our newsletter, Slack team, send feedback, or ask questions at theCloudPod.net, or tweet at us with the hashtag #theCloudPod.