VMware and Azure sessions available free at VMworld 2020 29 Sept – 1 Oct
Breakout Session: Run VMware natively on Azure with the latest from Azure VMware Solution
Azure VMware Solution (AVS) is a private cloud VMware-as-a-service solution, allowing customers to retain VMware related investments, tools, and skills, whilst taking advantage of the scale and performance of Microsoft Azure.
Microsoft announced the latest evolution of Azure VMware Solution in May 2020, with the major news that AVS is now a Microsoft first party solution, endorsed and cloud verified by VMware. Microsoft are a VMware strategic technology partner, and will build and run the VMware Software Defined Data Centre (SDDC) stack and underlying infrastructure for you. The latest availability of Azure VMware Solution by region can be found here.
If you have looked at AVS by Cloud Simple before this is a new offering, consistent in architecture but now sold and supported direct from Microsoft, providing a single point of support and fully manageable from the Azure Portal. Cloud Simple were acquired by Google in late 2019.
Azure VMware Solution Explained
Azure VMware Solution is the VMware Cloud Foundation (VCF) software stack built using dedicated bare-metal Azure infrastructure, allowing you to run VMware workloads on the Microsoft Azure cloud. AVS is designed for end-to-end High Availability with built in redundancy. Microsoft own and manage all support cases, including any that may need input from VMware.
Microsoft are responsible for all the underlying physical infrastructure, including compute, network, and storage, as well as physical security of the data centres and environments. As well as hardware failure remediation and lifecycle management, Microsoft are also responsible for the deployment, patching, and upgrade of ESXi, vCenter, vSAN, NSX-T, and Identity Management. This allows the customer to consume the VMware infrastructure as a service, and rather than spending time fire fighting or applying security updates; IT staff can concentrate instead on application improvements or new projects. Host maintenance and lifecycle activities such as firmware upgrades or predictive failure remediation are all carried out with no disruption or reduction in capacity.
Microsoft’s data centres meet the high levels of perimeter and access security you would expect, with 24×7 security personnel, biometric and visual sign-in processes, strict requirements for visitors with sufficient business justification including booking, location tracking, metal detectors and security screening, security cameras including per cabinet and video archive.
The customer is still responsible for Virtual Machines and everything running within them, which includes the guest OS, software, VMware Tools, etc. Furthermore the customer also retains control over the configuration of vCenter, vSAN, NSX-T, and Identity Management. VMware administrators have full control over where their data is, and who has access to it by using Role Based Access Control (RBAC), Active Directory (AD) federation, customer managed encryption keys, and Software Defined Network (SDN) configuration including gateway and distributed firewalls.
Elevated root access to vCenter Server is also supported with AVS, and that helps to protect existing investments in third party solutions that may need certain vCenter permissions for services like backup, monitoring, Anti-Virus or Disaster Recovery. By providing operational consistency organisations are able to leverage existing VMware investments in both people skills and licensing across the VMware ecosystem, at the same time as reducing the risk in migrating to the cloud.
Connectivity between environments is visualised at a high level in the image below from Microsoft’s AVS documentation page. The orange box symbolises the VCF stack, made up of vSphere, vSAN, and NSX-T.
Some example scenarios where AVS may be able to resolve IT issues are as follows:
- Data centre contract is expiring or increasing in cost:
- Hardware or software end of life or expensive maintenance contracts
- Capacity demand, scale, or business continuity
- Security threats or compliance requirements
- Cloud first strategy or desire to shift to a cloud consumption model
- Local servers in offices are no longer needed as workforces become more remote
Azure Hybrid Benefit allows existing Microsoft customers with software assurance to bring on-premises Windows and SQL licenses to AVS. Additionally Microsoft are providing extended security updates for Windows and SQL 2008/R2 running on AVS.
There is a clear and proven migration path to AVS without refactoring whole applications and services, or even changing the VM file format or network settings. With AVS a VM can be live migrated from on-premises to Azure. Hybrid Cloud Extension (HCX) is included with AVS and enables L2 networks to be stretched to the cloud. The Azure VMware Solution assessment appliance can be deployed to calculate the number of hosts needed for existing vSphere environments, full details can be found here.
AVS Technical Specification
Azure VMware Solution uses the customers Azure account and subscription to deploy Private Cloud(s), providing a deep level of integration with Azure services and the Azure Portal. It also means tasks and features can be automated using the API. Each Private Cloud contains a vCenter Server, NSX-T manager, and at least 1 vSphere cluster using vSAN. A Private Cloud can have multiple clusters, up to a maximum of 64 hosts. Each vSphere cluster has a minimum host count of 3 and a maximum of 16. The standard node type used in Azure is the AV36, which is dedicated bare metal hardware with the following specifications:
- CPU: Intel Xeon Gold 6140 2.3 GHz x2, 36 cores/72 hyper-threads
- Memory: 576 GB
- Data: 15.36 TB (8 x 1.92 TB SSD)
- Cache: 3.2 TB (2 x 1.6 TB NVMe)
- Network: 4 x Mellanox ConnectX-4 Lx Dual Port 25GbE
AVS uses local all-flash vSAN storage with compression and de-duplication. Storage Based Policy Management (SBPM) allows customers to define policies for IOPS based performance or RAID based protection. Storage policies can be applied to multiple VMs or right down to the individual VMDK file. By default vSAN datastore is encrypted and AVS supports customer managed external HSM or KMS solutions as well as integrating with Azure Key Vault.
An AVS Private Cloud requires at least a /22 CIDR block on deployment, which should not overlap with any of your existing networks. You can view the full requirements in the tutorial section of the AVS documentation. Access to Azure services in your subscription and VNets is achieved using an Azure ExpressRoute connection, which is a high bandwidth, low-latency, private connection with automatically provisioned Border Gateway Protocol (BGP) routing. Access to on-premises environments is enabled using ExpressRoute Global Reach. The diagram below shows the traffic flow from on-premises to AVS using ExpressRoute Global Reach. This hub and spoke network architecture also provides access to native Azure services in connected (peered) VNets, you can read the full detail here.
AVS Native Azure Integration
A great feature of AVS is the native integration with Azure services using Azure’s private backbone network. Although the big selling point is of course operational consistency, eventually applications can be modernised in ways that will provide a business benefit or improved user experience. Infrastructure administrators that no longer have to manage firmware updates and VMware lifecycle management are able to focus on upskilling to Azure.
Deployment of a Private Cloud with AVS takes as little as 2 hours, and some basic Azure knowledge is required since the setup is done in the Azure Portal, and you’ll also need to create a Resource Group, VNets, subnets, a VNet gateway, and most likely an ExpressRoute too.
To get the full value out of the solution native AWS services can be used alongside Virtual Machines. Some example integrations that can be looked at straight away are; Blob storage offering varying tiers of cost and performant object storage, Azure Files providing large scale SMB file shares with AD authentication options, and Azure Backup facilitating VM backups to an Azure Recovery Services Vault. Additional services like Azure Active Directory (AAD), Azure NetApp File Services, and Azure Application Gateway may also help modernise your environment, along with Azure Log Analytics, Azure Security Center, and Azure Update Manager.
VMware customers using, or interested in, Horizon will also note that the Horizon Cloud on Microsoft Azure service is available, and if configured accordingly will have network line of sight to your VM workloads in AVS, and native Azure services.
For more information on Azure integration see the Azure native integration section of the AVS document page, and the AVS blogs site by Trevor Davis. Further detail on Azure VMware Solution can be found at the product page, FAQ page, or on-demand webinar.