Azure in a Hybrid World
With hybrid becoming the norm, cloud expert Paul Schnackenburg looks at the different flavors of hybrid Azure and how they compare, in which scenarios you'd use each one and links to learn more.
Depending on who you listen to, cloud computing is either the only way forward for enterprise IT, or it's surrender of control and best avoided. The truth, as always, lies somewhere in between those extremes. Cloud and its many varied services are definitely very useful tools in our toolbelt, but it's not the only set of tools, nor are they the ones to use in every situation. Whomever you speak to however, they all agree that hybrid infrastructure is going to be the new normal for quite some years.
And that's where Azure really shines -- Microsoft's taken their long experience in corporate datacenters and made having one foot in each camp, if not easy, at least manageable.
In this article we'll look at the different flavors of hybrid Azure on offer and how they compare, in which scenarios you'd use each one and links to learn more.
This is a true hybrid enabling technology that goes further than the others (AWS and GCP) have ventured, connecting workloads running in on-premises datacenters as well as in other clouds to Azure, letting you manage them all side by side using the same tools.
We looked at Arc back in August 2020 and it's come along nicely since then. Arc enabled servers is now Generally Available (GA) and with a simple agent on your Linux or Windows server they'll appear in the Azure portal. You can then use Role Based Access Control (RBAC) to control access, assign tags for grouping and management as well as apply Azure Policy to audit and enforce configuration settings. Part of Arc for servers is Arc enabled SQL Server (preview), a VM agent that helps you manage SQL in VMs in a similar way to how you can do it in Azure.
If you're adopting Kubernetes, you can of course use the managed Azure Kubernetes Service (AKS) in public Azure, but perhaps you have K8 running elsewhere which is where Arc for Kubernetes (GA) comes in handy. Again, tagging and policy configuration is unlocked plus you can deploy applications and K8 configuration to any cluster using GitOps.
Arc enabled data services is in preview and lets you operate SQL Managed Instance (MI) and PostgreSQL Hyperscale, both for connected and disconnected scenarios, unlocking features such as elastic scaling, self-service provisioning and unified management.
I wouldn't be surprised if Arc spreads to more workloads and platforms. My favorite quote was from an IT pro at a large, distributed company who said, "as long as we provide an image with the Arc agent baked in, our developers and other business units can deploy anywhere, in any environment they chose to and we still have visibility, we know that backups are performed, and that our policies are applied."
Backup and Disaster Recovery
An early killer app for public cloud was replacing costly and clunky tape backups with cheap "bottomless" storage on the other end of a network connection. Azure offers Microsoft Azure Backup Server (MABS) that you run on a local VM with some disks attached for fast restore of recent backups, with older backups automatically moved to a Recovery Services vault in Azure. MABS is built on System Center Data Protection Manager (DPM) with some features removed (no DPM-to-DPM protection, no local tape backup) and a $0 price tag for the software -- instead you pay per protected instance. If you have a single Windows server in a branch, or perhaps a handful, you can instead use the Microsoft Azure Recovery Services (MARS) agent to backup to Azure.
Backup is important and if you really need it, you can keep your backups for up to 99 years with the tools above. However, Business Continuity Disaster Recovery (BCDR) is also important, particularly for business-critical workload where hours or days of restore time from backup just doesn't cut it. Azure Site Recovery (ASR) is the tool of choice here, letting you replicate Windows and Linux VMs on both Hyper-V and VMware as well as physical servers to Azure for rapid failover and restoration of service.
As your business finds its footing in the ever-shifting landscape of hybrid (and Covid-19) there will come a time when you'll need to move workloads to the cloud. Azure Migrate is the platform here, letting you assess what you've got on-premises (Hyper-V, VMware, physical, Linux, Windows and applications), which ones will migrate as is, which ones will need some TLC along the way and perhaps workloads that don't belong in the cloud. It'll also estimate costs to run the workloads in Azure, along with recommendations (based on the performance profile of each VM) on right sizing. Migrate offers built in migration tools but also integrates with third party offerings. Databases are supported, both for inventory and migration, including moving from SQL running in a VM to Azure SQL Database (the PaaS service), or SQL Managed Instance (MI) where possible.
The entire migration is managed from a single interface, with minimal downtime for your workloads as they're moved.
Note that some introspection is useful here, as "just" moving a bunch of VMs from on-premises to Azure doesn't modernize your IT operations, and there may be opportunities to swap to PaaS or SaaS alternatives for some workloads.
Perhaps there's no better symbol of the hybrid world we live in than file servers -- many a technology has tried to make them redundant (SharePoint, OneDrive, third-party ISVs etc.), but most businesses I deal with still has them and still wants them to be local. Managing file servers at scale, however, is a drag, especially planning capacity and endlessly adding disk space to satisfy forever growing document repositories.
Azure File Sync is the unsung hybrid hero here, letting you leave your shares on premises and install a small agent to replicate older (cold) data to the cloud, leaving a pointer so that users are none the wiser. If they dig up a file that's older, it's transparently retrieved and again cached locally on the file server. BCDR comes for free with the ability to replace a failed file server with a new one and simply replicate data back down from the cloud. And you can have multiple file servers in multiple locations with file shares kept in sync.
"Never underestimate the bandwidth of a FedEx truck," or in other words, if you have large amounts of data to upload to Azure, perhaps using your network pipe isn't the best solution. Pick a member of the Data Box family in the Azure portal, it's shipped to you, plug it in to your datacenter, copy the data onto it and ship it back. Microsoft will upload the data to your designated storage account. Data Box Disk is the junior, an 8 TB 2.5" USB SSD drive, you can order up to five of them, giving you about 35 TB usable space. Data Box is the middle sibling with 80 TB of usable space and 2 x 10 GbE interfaces. For really large amounts of data, use the bigger brother, Data Box Heavy with 770 TB of usable space and 2 x 40 GbE interfaces.
For online transfers there's Data Box Gateway, a VM appliance that you run on-premises and upload data to (SMB or NFS) which is then transferred to Azure Storage (block blobs, page blobs or Azure Files). It can be used after the offline options above have copied the bulk of the data for further incremental uploads.
Azure Stack Edge
Need to pre-process data before uploading it to the cloud or perhaps run GPU-powered machine learning across your data before moving a subset of it to Azure? The Azure Stack Edge family comes in three sizes as "Hardware as a Service." The Pro GPU is a 1U, 24 core, 128 GB memory, 6 x 25 GbE NIC device with one or two Nvidia T4 GPUs for ML inferencing.
For environments outside your datacenters there's the ruggedized Pro R with 20 cores, 256 GB memory, 2 x 25 GbE NICs with one Nvidia T4 GPU. Finally, there's the Mini R at 7 lbs. (~ 3.5 Kg for the rest of the world) with a built-in battery and 16 cores, 48 GB memory, 2 x 10 GbE NICs and a Vision Processing Unit (VPU) for computer vision-based applications.
Any experienced IT Pro knows that telemetry is vital in keeping the infrastructure humming. We did a deep dive on Azure Monitor (also known as Log Analytics / App Insights / OMS) back in March 2021. Monitor doesn't just keep tabs on the performance and any issues with your workloads in Azure, as you can also extend it to any VM, running anywhere, using its agent.
Windows Admin Center
This free, web-based administration UI for Windows Server unlocks several of the features covered above, such as ASR. Once you've connected Windows Admin Center (WAC) to your Azure subscription you can right-click on a VM and protect it with ASR with a single click. Azure Backup, File Sync, Monitor, Update Management and the Network Adapter (Point to Site VPN to Azure) are likewise easily enabled.
And now you can use WAC in the Azure portal to manage your Windows servers in Azure.
Azure Stack HCI
This solution combines parts of Azure and the best parts of Windows Server into a hybrid connected platform that runs your workloads. At least two servers in a cluster are connected to an Azure subscription, and storage is provided by Storage Spaces Direct (S2D) -- combining HDDs, SSDs and NVMe devices across all cluster nodes for superfast, reliable VM disk storage.
You can use System Center, Active Directory, Group Policy and PowerShell to manage it so it should slot nicely into your existing on-premises environment. And it now runs AKS for you (preview), meaning you can have a managed K8 cluster that Microsoft upgrades, running in your datacenter.
Azure Stack Hub
This is undoubtedly the jewel in the crown, the ultimate expression of Azure hybrid. An integrated system of 4 to 16 physical servers that you purchase from a select set of OEMs that runs the Azure software stack. It really is Azure in your datacenter, down to the APIs and the UI. Azure Stack Hub (ASH) can be deployed either connected to Azure (your usage is billed through your Azure subscription) or in a disconnected model, think cruise ships or submarines. In this mode you're billed on a consumption of resources basis. Identity can either be integrated with Azure Active Directory (AAD) or using Active Directory Federation Services (ADFS).
Inevitably comparisons between Stack HCI and ASH arise. Think of the former as connecting your datacenter to Azure services and the latter as bringing Azure services into your datacenter. Here's a good article comparing them.
Unlike Stack HCI, you don't have access to the physical servers, you can't install any agents on them and the whole system is locked down to the point that you must access a specific PowerShell endpoint to perform any administrative tasks, all in the name of security and stability. ASH is also designed for multi-tenancy and is in fact used by service providers to offer "Azure" in regions or for particular verticals where Microsoft isn't present yet.
If you want to learn about ASH, without shelling out the LARGE price tag for an integrated system, there's a free Development Kit (ADSK) available that you can run on a single server (256 GB memory+) or in a large Azure VM. This is also handy if you're studying for the recently released AZ-600: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub exam.
As you can see there are many flavors of Azure hybrid technologies that you can use to enhance your hybrid IT and smooth the transition. I hope this overview was useful for navigating your organization's journey towards hybrid nirvana.