There are a number of scenarios where hybrid cloud computing is a good choice for an organization. First, if your workload is very dynamic, then you could use an easily scalable public cloud for the dynamic workloads while less volatile workloads are dealt with in a private cloud or in an on-site data center. Alternatively, a hybrid cloud computing solution can be used to separate sensitive information from less sensitive information. For example, sensitive data can be stored on a dedicated server while front-end apps are run on the public cloud.
Also, when it comes to big data processing, some of the big data analytics could be run using public cloud resources, which are highly scalable, and sensitive data can be kept behind your firewall. And finally, some organizations have legal limitations as to where they can store their data or have concerns about security, compliance or data portability, so hybrid cloud computing can offer a solution to these issues. However, hybrid cloud computing solutions are much more complex to set up than purely private or public solutions, which is where Azure Stack comes in.
Azure Stack Overview
Azure Stack is a hybrid cloud computing software solution developed by Microsoft and based on its Azure cloud platform. Azure Stack is a form of cloud computing in that it combines infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) in a single software stack. This stack spans both on-site data center environments and the Azure cloud. Azure and Azure Stack share a standardized architecture, and the same portal and DevOps tools are common to both.
Azure Resource Manager
Azure Resource Manager (ARM) is the common control panel used across all Azure services, including Azure Stack, which means a less steep learning curve. ARM allows you to manage all your resources on Azure, for example, a virtual machine, storage account, and virtual network, or a web app, database, database server, and third-party services, as a group. This means that you can deploy, update and delete in a single operation. ARM also allows template-based deployment of applications and unified role-based control.
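As an added illustration of the resource-group model and role-based control described above (example code written for this page, not Microsoft's or the article's own), the following AzureRM PowerShell session registers an Azure Stack endpoint, deploys a template into one resource group, scopes a role assignment to that group only, and shows how the whole group is removed in a single operation. The ARM endpoint, tenant, template path, location name and object ID are placeholders that a real deployment would replace.

```powershell
# Added example (not from the article): manage one application as a single
# resource group on Azure Stack through the AzureRM module. Every value marked
# "placeholder" is assumed and must be replaced for a real environment.

$armEndpoint = "https://management.local.azurestack.external"   # placeholder: tenant ARM endpoint from your operator
$tenantName  = "contoso.onmicrosoft.com"                        # placeholder: AAD tenant
$location    = "local"                                          # placeholder: region name of your Azure Stack

# Register the Azure Stack ARM endpoint as an environment and sign in to it.
Add-AzureRmEnvironment -Name "AzureStackUser" -ArmEndpoint $armEndpoint | Out-Null
Add-AzureRmAccount -EnvironmentName "AzureStackUser" -TenantId $tenantName

# One resource group holds every resource of the app (VM, storage account,
# virtual network, ...), so they are deployed, updated and deleted together.
$rgName = "app-demo-rg"
New-AzureRmResourceGroup -Name $rgName -Location $location -Force | Out-Null

# Template-based deployment. Validate first, then deploy incrementally so an
# update only touches resources that changed.
$templateFile = ".\app.json"                                    # placeholder ARM template
$params       = @{ vmName = "demo-vm" }                         # assumed template parameter
Test-AzureRmResourceGroupDeployment -ResourceGroupName $rgName -TemplateFile $templateFile -TemplateParameterObject $params
New-AzureRmResourceGroupDeployment -Name "app-v1" -ResourceGroupName $rgName `
    -TemplateFile $templateFile -TemplateParameterObject $params -Mode Incremental

# Role-based control scoped to this resource group only (least privilege):
# the operations group gets Reader here, not Contributor on the subscription.
$opsGroupObjectId = "00000000-0000-0000-0000-000000000000"      # placeholder: object ID of an AAD group
New-AzureRmRoleAssignment -ObjectId $opsGroupObjectId -RoleDefinitionName "Reader" -ResourceGroupName $rgName

# Audit the assignments at this scope so nothing broader than intended exists.
Get-AzureRmRoleAssignment -ResourceGroupName $rgName |
    Select-Object DisplayName, RoleDefinitionName, Scope

# Deleting the group removes all of its resources in one operation.
# Remove-AzureRmResourceGroup -Name $rgName -Force
```

The same template can be reused against public Azure; the only constraint is that it must use resource types and API versions the Azure Stack instance exposes, which `Get-AzureRmResourceProvider` lists for the environment you are signed in to.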
How does Azure Stack work?
Azure Stack is delivered as an integrated system with software installed by Microsoft’s hardware partners on pre-qualified hardware. Azure Stack is not a DIY virtualization platform or something you run on your own hardware. Instead, it’s an integrated system that the hardware partner integrates into your existing environment, which is then ready to deploy workloads on to.
This means that you don’t buy Azure Stack from Microsoft; instead, you get the ‘integrated system’ from one of Microsoft’s partners. The integrated systems available come in four-, eight- and 12-node configurations. Memory per node ranges from 256GB to 768GB, with 12 to 24 cores per CPU, 6TB to 12TB of SSD cache and 40TB to 100TB of HDD storage.
Underlying Azure Stack is an Active Directory domain, running on virtual machines (VMs). Storage is provided through Storage Spaces Direct (S2D), combining local storage (HDD, SSD, NVMe) in each node for high performance and resilient VM storage. Azure Stack only uses three-way mirroring, storing three copies of each data slab on three different nodes. This means that you can lose up to two nodes in a cluster and still be able to keep running.
Because Azure Stack is an integrated system, there are limitations on what you can do to it.
For example, it’s not possible to run agents for anti-malware, backup or monitoring on the hosts. Also, you’ll have very limited access to the built-in AD which underlies Azure Stack. But it’s not a system that you just set up and ignore either. You’ll have to apply updates regularly in order to remain supported. Besides bug and security fixes, these updates also keep Azure Stack in sync with Azure’s public cloud.
Platform as a Service (PaaS)
PaaS is a type of cloud computing that provides a platform and environment which allows developers to build applications and services over the internet. The PaaS services are hosted in the cloud and can be accessed by users via their web browser. PaaS services in Azure Stack provide an experience, and APIs, consistent with Azure, regardless of whether they are hosted on-site or in a Microsoft-owned datacenter.
These PaaS services include App Service (which includes Azure Web Apps, Mobile Apps, API Apps, and Functions), Key Vault, SQL, and MySQL, to name a few. Azure Stack also offers the following PaaS features: Azure Functions for serverless computing, Azure Container Service (supporting Docker Swarm, Kubernetes and Mesosphere) and Cloud Foundry.
Infrastructure as a Service (IaaS)
In an IaaS model, a cloud provider hosts the infrastructure components which were traditionally present in an on-premises data center, such as servers, storage, and networking hardware, as well as the virtualization or hypervisor layer. The resources and services are accessed through a wide area network (WAN). Azure Stack’s IaaS features and functionalities include deployment of various sized VMs, Linux and Windows Containers, Virtual Networking, VPN Gateways, various forms of storage and Key Vault for secure protection of application keys and secrets.
High level differences between Azure and Azure Stack
How to connect Azure Stack to Azure
There are two supported methods to connect virtual networks in Azure Stack to virtual networks in Azure: site-to-site and outbound NAT. Site-to-site uses a virtual private network (VPN) connection over IPsec (IKEv1 and IKEv2). This type of connection requires a VPN device or Routing and Remote Access Service (RRAS). The traffic over the tunnel is encrypted. However, bandwidth is limited by the maximum throughput of the tunnel (100-200 Mbps).
By default, all virtual machines in Azure Stack have connectivity to external networks via outbound NAT. Each virtual network in Azure Stack gets a public IP address assigned to it, and outbound access goes through NAT using that VIP. This only covers communication initiated by the VM towards an external network; it does not allow connections in the opposite direction.
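To make the site-to-site option concrete, here is an added example (written for this page, not taken from the article or from Microsoft documentation) that builds an Azure Stack virtual network with a gateway subnet, provisions a route-based VPN gateway, describes the remote site, and creates the IPsec connection. The pre-shared key is fetched from Key Vault instead of being written into the script. Resource names, address ranges, the remote peer address (taken from the 203.0.113.0/24 documentation range), the Key Vault name and the location are all placeholders.

```powershell
# Added example (not from the article): site-to-site IPsec connection from an
# Azure Stack virtual network to a remote VPN device. Assumes you are already
# signed in to the Azure Stack environment with the AzureRM module. Every name,
# prefix and address below is a placeholder.

$rgName   = "hybrid-net-rg"
$location = "local"                      # placeholder: region name of your Azure Stack
New-AzureRmResourceGroup -Name $rgName -Location $location -Force | Out-Null

# Virtual network with a workload subnet and the mandatory GatewaySubnet.
$gwSubnet  = New-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix "10.10.255.0/27"
$appSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name "app"           -AddressPrefix "10.10.1.0/24"
$vnet = New-AzureRmVirtualNetwork -Name "stack-vnet" -ResourceGroupName $rgName -Location $location `
    -AddressPrefix "10.10.0.0/16" -Subnet $gwSubnet, $appSubnet

# Public IP that the gateway terminates the tunnel on.
$gwPip = New-AzureRmPublicIpAddress -Name "stack-gw-pip" -ResourceGroupName $rgName `
    -Location $location -AllocationMethod Dynamic
$gwSubnetRef = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$gwIpConfig  = New-AzureRmVirtualNetworkGatewayIpConfig -Name "gwipconfig" `
    -SubnetId $gwSubnetRef.Id -PublicIpAddressId $gwPip.Id

# Route-based VPN gateway (IKEv2). Provisioning takes a while.
$gateway = New-AzureRmVirtualNetworkGateway -Name "stack-vpn-gw" -ResourceGroupName $rgName -Location $location `
    -IpConfigurations $gwIpConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku Standard

# The remote side: its public address and the address space reachable behind it.
$peer = New-AzureRmLocalNetworkGateway -Name "remote-site" -ResourceGroupName $rgName -Location $location `
    -GatewayIpAddress "203.0.113.10" -AddressPrefix "192.168.0.0/16"   # placeholders

# Pre-shared key comes from Key Vault, so it is never stored in the script
# or in source control. "hybrid-kv" and "s2s-psk" are assumed names.
$psk = (Get-AzureRmKeyVaultSecret -VaultName "hybrid-kv" -Name "s2s-psk").SecretValueText

New-AzureRmVirtualNetworkGatewayConnection -Name "stack-to-remote" -ResourceGroupName $rgName -Location $location `
    -VirtualNetworkGateway1 $gateway -LocalNetworkGateway2 $peer `
    -ConnectionType IPsec -SharedKey $psk -RoutingWeight 10

# Verify the tunnel is up ('Connected') and that bytes are moving in both directions.
Get-AzureRmVirtualNetworkGatewayConnection -Name "stack-to-remote" -ResourceGroupName $rgName |
    Select-Object Name, ConnectionStatus, IngressBytesTransferred, EgressBytesTransferred
```

Note that the tunnel is what permits inbound traffic from the remote network; the default outbound NAT needs no configuration and, as the text above says, only carries connections initiated from the VM side. Everything sent through the gateway is subject to the tunnel throughput limit the article quotes.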
Hybrid connectivity options
The option for hybrid connectivity depends on what kind of deployment your organization wants to offer and where it will be deployed. Do you need to isolate network traffic for each tenant? Will you have an intranet or internet deployment?
You can have a single-tenant Azure Stack. There can be many different tenant subscriptions, but it’s a single-tenant stack from a networking perspective as all the traffic travels over the same network and doesn’t need to be isolated via an encrypted tunnel. A multi-tenant Azure Stack is also possible. This is where each tenant’s subscription traffic that’s traveling to external networks must be isolated from other tenants’ network traffic.
An intranet deployment is when Azure Stack sits on a corporate intranet and behind firewalls, while an internet deployment means that the Azure Stack is connected to the public internet and uses internet-routable public IP addresses. The pros, cons and use cases of each type of deployment are summarised below.
Azure Stack hardware requirements
Finally, here are the minimum requirements to run Azure Stack as of late 2018:
- CPU: Dual-Socket: 12 physical cores
- Memory: 96GB RAM
- BIOS: Hyper-V Enabled (with SLAT support)
- Disk (OS): 1 OS disk with a minimum of 200GB available (SSD or HDD)
- Disk (General Azure Stack POC Data): 4 disks, each with a minimum 140GB (SSD or HDD)