At Ignite 2015 Microsoft announced Microsoft Azure Stack. Microsoft brings with this version literally the Public Azure to your own Datacenter. Azure stack will contain the same bits as they run in Azure. So that’s looking really promising as I can’t even imagine how many services they offer in Azure. The big keyword here is consistency. When you as a tenant creating a new deployment they will allow you to take that deployment and run it in Azure, the Service Provider running Azure Stack and your own data center if you are running Azure Stack. And that’s a big change versus the last 2 editions of Azure Pack. But as Daniel Neumann mentioned on his blog, it is not a new version but a new product. In this blog post I am going to highlight the new features that makes all this consistency possible. You see in the image below that Azure Stack and Azure consist of the same building blocks, starting with the Cloud Infrastructure or as we also know it as the fabric. On top of that they provide the Azure Portal and on top of that we deploy our services no matter if it is running Windows or Linux.
Let’s start at the top. We know how the deployments look like. It’s what we are running today when we deploy virtual machines and other services to Azure or Azure Pack. I will zoom into the new Portal (IaaS | PaaS Services) part.
When we look at the image below we see the Browser Experience. In the current version of Azure Pack we have 2 portals, 1 for the Tenant and 1 for the Admin. In Microsoft Azure Stack we have 1 browser Experience. And that experience is also the same across Azure Stack and Azure. So admins as well as the tenants go through the same portal site and leveraging the same Portal API’s and extensions. In the deployment of the Portal site there is still an option to scale out to multiple website nodes like we do with an distributed deployment of Azure Pack today. When we go down the rabbit hole we see the Azure Resource manager and the Core Management Resource Providers. The Core Management Resource Providers integrate in Resource manager and all components interact with that. Later on I will zoom into the resource manager and the Core Resource Providers. Further down we see the Service Resource Providers. The service resource providers will control and manage the resources it is assigned to. Like the Compute Service Resource Provider will manage the Compute resources (nodes) The Storage Resource Provider will manage the Storage resources (nodes) and so on… And that’s really in a nutshell the top to bottom service layout of the Azure Stack.
Let’s zoom in at the Portal. The portal is completely redesigned and which allow you to fully personalize. It is highly scalable and have integration across services. When you install new resource providers today in Azure Pack you need to edit the core code for the Azure Pack portal. Then you need to restart the web service process to see the result of that change. With the new design the Portal process runs continuously in a separate process and when you extend the portal by adding extensions a workflow will distribute the extensions to all nodes running the portal site. As mentioned before the admin and tenant site are integrated in the same portal.
The Portal UI is very nice, but it would be useless if we cannot login to the portal right? Let’s zoom in at the identity part of the new Azure Stack. In the old portal we had the options to use the SQL .Net membership or we could integrate ADFS to use AD or other federated Identity Providers (IDP’s). In the new portal they use claims-based authentication and there is native support for the following:
- Azure Active Directory
- Windows AD
- Active Directory Federation Services (ADFS)
From the Azure Resource manager to the Core Management Resource Providers it will use Windows Authentication or Basic Authentication. The Core Management Resource Providers will use Windows Authentication or an authentication method defined by the Resource Provider.
Let’s look into the resource manager. The resource manager is the new Service Management API. It’s as Microsoft calls it “a product” that allows the management of the compute, storage, network. When you, as a tenant, create a resource group it allows you to put all the resources (VM’s, Networks, websites etc…) in a resource group that can be managed as a whole (Create /Add / Update /Delete – aka Life Cycle Management). With Role Based Access Control (RBAC) you, as a tenant, can also provide access to other users that have access based on the permission you assign to the resource group. Also usage is collected for a particular resource group so you can see how much the resources in a resource group will cost. The resource manager will also allow you to put deployments in regions. Regions represents the datacenters of your service provider or your own datacenters. Furthermore the Resource manager is providing audit logging on your subscriptions and resources. To create resources using the Azure Resource Manager you need to create or use an existing template. A template is a json file what can be edited to define the resources in your deployment.
The Azure Resource manager will talk to the Core Management services. Let’s look at the components involved in that.
The Authorization Service: By using RBAC, it allows us to granular assign permissions to resource groups. Subscriptions are assigned to tenants that have a plan defined.
The Subscription Management Service is responsible for managing the Service Plans, Offers and subscriptions. You can even use Azure Resource Manager templates to define new subscriptions based on a template you have defined.
The Gallery component is a core common service that will work across any of the connected services. Admins as well as tenants are allowed to put their own gallery items in it.
The Events Service is a collector to collect all events across all the services
The monitoring service collects metrics from all services.
And last but not least we have the Usage Service which will collect the usage per service for each tenant / Resource Group.
So this is all the information I have so far. I can’t wait to get the early bird bits to play around with it and when I do I will follow up on this post to give you more technical information of Azure Stack!