Deploying Azure Stack
Now that Microsoft's new hybrid cloud appliances bring Azure functionality on-premises and to services providers, here's what you need to know.
Now that the first Azure Stack appliances are available, any organization or services provider can run their own instances of Microsoft's public cloud in their datacenters by acquiring turnkey hyper-converged infrastructure from four of the leading providers of datacenter hardware. From a systems infrastructure perspective, Azure Stack is the most significant new offering Microsoft has made available to enterprise customers and services providers in many years. If there's vast uptake for Azure Stack, it's poised to play a key role in how organizations build and manage their private and hybrid cloud infrastructures and next-generation modern applications.
It could also lessen or eliminate OS or virtual machine (VM) dependencies. As with any major new technology, and even an update to an existing platform, change doesn't come overnight, or as planned. But now that the first customer deployments are going live, IT pros will want to keep a close eye on the successes or lack thereof surrounding Azure Stack.
There are quite a few pieces to the Azure Stack puzzle, and with Cisco Systems Inc., Dell EMC, Hewlett Packard Enterprise (HPE) and Lenovo shipping the first certified systems co-engineered with Microsoft, it's important to understand what's available and why it could play a key role in how your organization develops and deploys IT infrastructure and application services. It's also critical to realize that similar to the Azure public cloud, Azure Stack is an evolving technology that Microsoft will update continuously. Also, similar to Azure, customers will pay for Azure Stack services based on usage and monthly Azure subscriptions (see Microsoft's pricing chart, Figure 1).
Azure Stack is intended both for existing users of Microsoft's public cloud who require their own nodes at an edge location -- either on the customer's own premises or that of a local services provider or colocation facility -- as well as those who aren't ready to use a public cloud but want to move to the Azure platform on-premises. Perhaps the latter camp will eventually migrate some or all of those workloads to the public cloud, but must keep some or all of their data locally for self-imposed privacy concerns, or to meet compliance and data sovereignty requirements.
Officials at Microsoft and the first hardware vendors to ship certified Azure Stack appliances say there's pent-up demand from enterprise customers and services providers who want to take delivery of Azure Stack appliances. "The interest is high, but buying is still focused on early adopters, similar with most new solution releases," says Rand Morimoto, president and CEO of Convergent Computing, a consulting firm based in Walnut Creek, Calif. "Whether all of the interest turns to purchases is still to be seen."
The First Implementations
At the recent Ignite conference in Orlando, Fla., Microsoft revealed some of the first customers implementing Azure Stack. Among them is media production company Avid Technology Inc., which is using both Azure Stack and Azure Media Services to build cognitive analysis into the video editing process. Avid had announced plans to develop Software-as-a-Service (SaaS)- and Platform-as-a-Service (PaaS)-based media service offerings built on its Avid MediaCentral Platform back in April at the National Association of Broadcasters (NAB) convention in Las Vegas. Avid systems are widely used by video post-production studios and television broadcasters.
Azure Stack comes into play at Avid because there's too much latency to ensure smooth workflows in a public cloud. By having it on-premises, the results of the cognitive queries in the public cloud are rendered locally on the Azure Stack appliance. During a session at Ignite, Microsoft said the combination of Azure and Azure Stack was appealing to Avid because it uses consistent application logic and development experience. Another popular use case is remote locations where network access to Azure isn't guaranteed or available at all, notably ships including cruise lines, cargo shipping vessels and oil rigs.
One of the largest suppliers of oil drilling resources, Schlumberger Ltd., announced in mid-September it plans to use Azure, Azure Stack and Microsoft's Office 365 collaboration tools for its new DrillPlan digital well construction planning solution. Azure Stack is also aimed at businesses that must keep certain workloads or data on-premises such as health care providers and financial services firms, including insurance companies, banks and any organization that processes personally identifiable information. In addition to Avid and Schlumberger, Microsoft has revealed ABSA Bank, ANZ Bank, Mitsui Knowledge Industry and Saxo Bank as among the first to bring Azure Stack into production.
Morimoto says many of his customers are among those with security policies that dictate that the application or data must run only within a private managed datacenter. "These were the scenarios we had anticipated to be of most interest, and it has turned out that our first handful of Azure Stack customers fit these molds," he says.
Microsoft also identified the first managed services providers (MSPs) rolling out services built around Azure Stack, including NTT, Pulsant, Revera, Resello and Tieto. Others such as Atos and Rackspace have acknowledged plans, as well. Those choosing the services provider approach have the option of using Azure services provided in a specific locale or having the partner deploy and manage Azure Stack in the customer's datacenter. In either scenario, they can supplement that usage with Microsoft's Azure service, but other than using the portal interface, using its public cloud isn't a prerequisite.
Base Azure Stack Configurations
While the various hardware providers all tout their specific competitive advantages, Microsoft has imposed some tight baseline engineering requirements on the first systems that are now shipping. They all must be certified and validated deployments that allow for continuous patches and updates from Microsoft, which plans to issue them on a monthly basis, or as needed. The initial systems can scale from four to 12 physical server nodes, though that will extend to 16 next quarter. Security and privacy are based on Microsoft's Security Development Lifecycle, using its "hardened-by-default" approach, encryption for data at rest and meeting key compliance standards and controls such as PCI-DSS and the Cloud Security Alliance's CCM matrix. It also provides the capability of recovering cloud infrastructure, data and workloads through backup capabilities of Azure and optional third-party backup solutions from CommVault, Dell EMC, Veeam, Veritas and several others certified by Microsoft.
Atos International, a large global cloud services provider based in Paris that's expanding its North American footprint, announced at the Dell EMC World conference back in May that it planned on offering cloud services based on Azure Stack. Dell EMC introduced a single-node Azure Stack appliance for test and development at the conference, held in Las Vegas, to get customers started. The single-node system is priced at $20,000, a fraction of the entry-level four-node systems that start at approximately $300,000, but can only be used for dev and test, not production.
In a session at the Dell EMC conference, Mark Nouris, Atos Group VP for hybrid cloud, encouraged customers to start experimenting and developing proof-of-concept scenarios. Nouris encouraged IT pros and developers to become familiar with Azure Stack Admin and tenant experiences, infrastructure as code using Azure Resource Manager (ARM) templates, and to work with services such as the Azure Web/ServiceFabric, Visual Studio and PowerShell experiences and with Infrastructure as a Service (IaaS) and virtual servers (see Figure 2 for the key components of the Azure Stack software).
Now Available with Intel's 'Purley' CPUs
Nouris said Atos was waiting for the release of the Dell EMC Azure Stack appliances configured with the company's new PowerEdge 14 servers, which are based on next-generation Intel Xeon Scalable Processors, code-named "Purley." The early crop of Dell EMC servers that started shipping in early October were built on its PowerEdge 13 servers, powered by Intel Xeon CPUs, code-named "Broadwell." Intel announced the release of the new processors in October, paving the way for the hardware vendors to release the next generation of their servers.
Paul Galjan, senior director of product management for hybrid cloud solutions at Dell EMC, says any organization that wants the flexibility to scale in the future will find the processors based on the company's new PowerEdge 14 hyper-converged server architecture a better long-term bet. Systems based on the PowerEdge 14 will offer a 153 percent improvement in capacity, Galjan says.
Azure Stack appliances equipped with the new Purley processors offer improved IO, support up to 48 cores per CPU (compared with 28) and provide 50 percent better memory bandwidth up to 1.5TB, according to Vijay Tewari, principal group program manager for Azure Stack at Microsoft.
"It is purely remarkable the amount of density we have been able to achieve with the 14g offering," Galjan says. One of the key limitations of systems based on the Broadwell platform is that they'll lack the ability to expand nodes on a cluster, a capability Microsoft will address in 2018. But it'll require the new Intel CPUs. Galjan says most customers have held off on ordering systems based on Azure Stack, awaiting the new processors from Intel for that reason.
"Actually, our R&D was waiting for these new servers to have everything fully integrated in our automation and fully hyper-converged," Nouris admits. "Everything fully ready to sell and deliver [by] end of the year."
Galjan says that's why Dell EMC is being aggressive about getting the new systems out. "Azure Stack is a future-looking cloud platform and customers are looking for a future-looking hyper-converged platform," he says.
Azure Parity Not Available Yet
While Azure Stack may be the future, so are many of the features that are being offered in the Azure public cloud. Among those popular features customers are awaiting are multi-site support that allows traffic to be distributed between two or more geographies and the ability to manage multiple Azure Stack instances within a single Azure Resource Manager (ARM) environment. "To put it simply, what they are looking to do is more nodes, more sites and then more racks," says Aaron Spurlock, senior product manager for Azure Stack at HPE (see "First Look: HPE's Azure Stack").
Lenovo, which said its ThinkAgile SX for Azure Stack appliance is also available with the new Intel processors, offers both 25U and 42U appliances that are available in either four-to-eight- or nine-to-12-node configurations (see Figure 3). Lenovo is the first to support the Intel Select program early next year, which includes additional testing designed to ensure verified, workload-optimized and tuned systems.
Select Solutions, a program announced by Intel earlier this year, is a system evaluation and testing process designed to simplify system configuration selection for customers, according to Intel's Davis. It targets high-performance applications that use Azure Stack with an all-flash storage architecture.
Cisco Enters the Fray
While Dell EMC, HPE and Lenovo were the first to ship Azure Stack appliances, Cisco has also already started taking orders for its offering. The Cisco Integrated System for Azure Stack is built on the Cisco UCS hyper-converged infrastructure platform. Specifically, it's built with Cisco's UCS C Series C240 M4L Rack Servers (see Figure 4).
Cisco claims the policy-based management and API-capable automation and hardware abstraction offers high-performance networking designed for virtualized environments. The company says its Virtual Interface Cards are designed and certified according to Microsoft's Azure Stack specs.
While all the vendors must meet Microsoft's hardware-engineering requirements for Azure Stack certification, Cisco says its key differentiator is the company's NVMe-based 40Gb Ethernet connectivity; integration with its Nexus security, network integration and management platform; and AppDynamics, the networking giant's recently acquired application performance management and analytics offering.
"Cisco is the only Azure Stack supplier that delivers all components of a successful cloud application deployment -- from high-performance networks and compute systems, to application performance management and analytics with AppDynamics," Liz Centoni, senior VP and general manager of Cisco's Computing Systems and Product Group, claims in a recent blog post.
Azure Stack Development Kit (ASDK)
For now, customers wanting to run Azure Stack in production must acquire systems from Cisco, Dell EMC, HPE or Lenovo, and next quarter from Huawei. Microsoft lets customers perform proofs of concept on their own single-server hardware with the Azure Stack Development Kit (ASDK). The ASDK provides single-server deployments for pilots and proofs of concept only. It provides access to the portal, Azure services and Microsoft's DevOps tools. The content in the ASDK is consistent across the various engineered systems certified by Microsoft, meaning applications built with the ASDK will work across all of them, according to Microsoft.
Underscoring that functionality in Azure Stack will evolve over time, the initial Azure IaaS services now available with the first shipping appliances include Azure Virtual Machines (A, D and Dv2 sizes), Azure Virtual Machine Scale Sets, Azure Storage (blobs, tables, queues), Azure Networking (Virtual Networks, Load Balancer, VPN Gateway) and Azure Key Vault. A connector that provides access to Windows Azure Pack is scheduled for release by the end of the year. In the coming quarters, Microsoft said it will release Azure IaaS consistency improvements such as new VM types and updated API releases.
The Azure PaaS services available with Azure Stack include Azure App Service, Web Apps, API Apps, Mobile Apps and Azure Functions, while standalone Azure Service Fabric clusters on IaaS VMs and Azure Container Service (ACS) Engine support (including Docker Swarm, Mesosphere DC/OS and Kubernetes container management templates) are set for release either by year's end or next quarter. Other PaaS services available include MySQL and SQL Server.
For authentication, Azure capabilities on Azure Stack include multi-tenant support for Azure Active Directory and Active Directory Federation Services support. Various Azure services on Azure Stack available in the Azure Stack marketplace include Kemp Technology's load balancer and Web application firewall and Bitnami, which provides validated open source instances such as WordPress and LAMP. Templates for Pivotal Cloud Foundry and blockchain are scheduled for release by the end of the year.
Other images and extensions available for use from the Azure Marketplace include Windows Server, Azure Docker Extension, DSC Extension, Chef Automate and key Linux distributions including Red Hat, SUSE, CentOS, Debian, Ubuntu and CoreOS. DevOps tool integration is available in Visual Studio, Jenkins, PowerShell and Azure CLI 2.0.