On March 26, Microsoft announced that it had added a new member to the Azure Stack family. Some of you might have been confused by the news that Microsoft released Azure Stack HCI. In this blog post I will describe the differences and how to position both platforms.
Azure Stack – Intelligent Cloud / Intelligent Edge
Azure Stack, as we have known it since it shipped in 2017, is an appliance you can buy from a hardware vendor, including support. You choose a size and roll it into your datacenter. You consume a cloud that is consistent with Azure. Microsoft manages the software, the vendor the hardware. You just operate it as an appliance.
Azure Stack HCI – Hyper Converged Infrastructure
Azure Stack HCI is the new name for the Windows Server Software Defined (WSSD) program, a certification program in which hardware vendors can certify hardware to run Hyper-V and Storage Spaces Direct in an optimal configuration. It was brought into the Azure Stack family because Microsoft has started to offer new options to connect seamlessly with Azure for infrastructure management services. The hardware, with hyper-converged compute, storage and networking on top of it, is the same layer that Azure Stack runs on. With Azure Stack you are cloudadmin but not domain admin; with Azure Stack HCI you are the domain admin of the platform but don’t have the Azure Portal as you do in Azure Stack.
Infrastructure as a Service (IaaS) vs Virtualization
Understanding the purpose of both platforms comes down to understanding the real difference between IaaS and virtualization. Virtualization goes way back, to when we took a physical server and ran it virtualized on dedicated hardware. The win was that we could utilize hardware better by placing multiple virtual machines (VMs) on the same hardware. With virtualization we took our monolithic app running on hardware, transformed it into a virtual machine and ran it 24/7.
When cloud came along we got Infrastructure as a Service. First, what is ‘as a Service’? You consume X (whatever is offered as the service) and you pay for it as long as you use it. The fee is usually a bit higher than if you ran it on your own, as ‘as a service’ also means that the parts driving the service you are consuming are maintained by the vendor you consume it from. Infrastructure as a Service is where you consume infrastructure (compute, storage, networking) and pay for it as long as you use it. This is where the ability to scale up and down with demand comes into play, and if managed correctly, huge cost savings can be achieved. If we look at public Azure today, I think we can conclude that Azure is an enterprise-ready IaaS platform. If we have traditional enterprise IT, all the services around IaaS, like high availability, backup, monitoring, update management, automation etc., make Azure a good fit to run VMs in public cloud. Combined with ExpressRoute, a low-latency, high-bandwidth connection, the enterprise scales well to public cloud.
Azure Stack HCI
Azure Stack HCI is a virtualization platform, with all the goodness that comes with it. You buy it, build it, maintain it, consume it. You are a full admin on the platform and can do all the fancy stuff that an (enterprise) IT department requires in order to operate its business. It extends very well as a hybrid cloud to Azure, where the following services can be consumed to manage Azure Stack HCI and the VMs hosted on it:
– Azure Backup
– Azure Site Recovery
– Azure Monitor
– Azure Update Management
– Azure Security Center
– Azure Network Adapter
– Azure Cloud Witness
If desired, you can go full private cloud only and use Windows Admin Center or even System Center to manage it. Yes folks, System Center might look dead to you, but development is still going and 2019 has just gone GA.
In my blog post Azure Stack’s role in the “Azure: The worlds computer” I discuss the future of Azure Stack and the pitfall. With Azure Stack HCI, in my personal opinion, the pitfall part is well served. Some might say it is just a marketing term, and I agree that it is not IaaS, but I still believe it is a better fit for VMs than Azure Stack IaaS. That all comes down to the current limitations we face on Azure Stack today as an IaaS platform. I got asked a lot about how this opinion was formed (and it’s my personal one).
It’s a bit technical now, but I conclude the following. In my experience, a single failover cluster can fail. Azure Stack is delivered today as a single failover cluster. The feature to add multiple scale units (aka failover clusters) is on the roadmap. So to run mission-critical workloads (in a monolithic app world), redundancy needs to be achieved in the infrastructure. In order to achieve this, multiple stamps need to be deployed. Next, the tenant admin needs to connect those 2 subscriptions in order to achieve high availability between the 2 stamps. Native VPN gateways in Azure Stack have the limitation that they can only have 1 S2S tunnel from 1 source address to the same (1) destination address (this is true with the current Azure Stack VPN Gateway design), and Virtual Network (VNET) peering between 2 stamps is not possible. So (expensive) third-party virtual network appliances have to be deployed in order to achieve this. The other solution could be to route all traffic from stamp 1 back to on-premises and then on to stamp 2. So these are some of the constraints we see on the networking part.
The next subject is Backup and Disaster Recovery (DR). Why do customers choose Azure Stack over Azure? Latency, data sovereignty? If the last option applies, Azure Backup and Azure Site Recovery (ASR) won’t be an option in most cases as a Backup & DR solution. ASR from 1 Azure Stack stamp to another stamp is not possible today. The same has to be achieved with third-party tooling. For the enterprise use case I see the same reasons why Azure Stack IaaS is not mature enough yet and why Azure Stack HCI might be a better fit.
That said, when you do have cloud native apps that need to run on IaaS, most likely the redundancy is achieved in the app space. Cloud native application development is about assuming failure. I still love the Netflix Simian Army story about how they assume failure in their deployment all the time. Azure Stack is the platform to build cloud native apps. So the boundary for IaaS really comes down to how flexible you are in the design of the application that you would like to run on Azure Stack. Also, as mentioned earlier in my blog post Azure Stack’s role in the “Azure: The worlds computer”, I believe the cause for Azure Stack is more on the PaaS and Intelligent Edge side and fully disconnected scenarios. Azure Stack HCI is a good fit to answer the virtualization side. And yes, you can run IaaS on Azure Stack. Do you really want to do so today? My opinion is that when multiple scale units and improved Backup / DR arrive, we will have a far more solid story for IaaS on Azure Stack. And note that when Azure Stack has these features added in the future, I would withdraw and reconsider my conclusion. It’s the same with Azure, which only in the last few years has become mature enough to serve large enterprise IT, with all the governance and security features they have added. The cloud transformation is a journey and change is the only constant you’ll get!