How to run VMware workloads natively on Azure

Businesses should adopt flexible and cutting-edge solutions to achieve greater stability, continuity and resilience of the main application workloads that support their core business. Azure VMware Solution (AVS) is the service designed, built and supported by Microsoft, and approved by VMware, which allows customers to easily extend or completely migrate their on-premises VMware applications to Azure. This article lists the key aspects of this solution, which benefits from the efficiency of Microsoft's public cloud while maintaining operational consistency with the VMware environment.

What is Azure VMware Solution (AVS)?

Azure VMware Solution (AVS) is a service that allows the provisioning and execution of a full VMware Cloud Foundation environment on Azure. VMware Cloud Foundation is VMware's hybrid cloud platform for managing virtual machines and orchestrating containers, where the entire stack is based on a hyperconverged infrastructure (HCI). This architecture model ensures consistent infrastructure and operation across any private and public cloud, including Microsoft Azure.

Figure 1 – Azure VMware Solution overview

Azure VMware Solution allows customers to adopt a full set of VMware features, with the guarantee of holding the "VMware Cloud Verified" validation. This solution helps to achieve consistency, performance and interoperability for existing VMware workloads, without sacrificing the speed, scalability and availability of Azure's global infrastructure.

An Azure VMware Solution Private Cloud includes:

  • Dedicated bare-metal servers provided with the VMware ESXi hypervisor
  • vCenter Server for managing ESXi and vSAN
  • VMware NSX-T software-defined networking for vSphere VMs
  • VMware vSAN datastore for vSphere VMs
  • VMware HCX for workload mobility management

Figure 2 – Azure VMware Solution Macro-Architecture

On this infrastructure, you can create, deploy or migrate VMware virtual machines, with the added advantage of using the various services offered by Azure.

Main adoption scenarios

The Azure VMware solution can be adopted to address the following scenarios:

  • Need to expand your datacenter
  • Disaster recovery and business continuity
  • Application Modernization
  • Reduction, consolidation or decommissioning of your datacenter

Thanks to this solution, you can redistribute your VMware-based virtual machines in an automated, scalable and highly available way without changing the underlying vSphere hypervisor. Systems can be migrated by adopting native VMware solutions (VMware HCX) or using Azure Migrate.

Benefits of the solution

The main benefits of adopting this solution include:

  • Ability to take advantage of investments already made in the skills and tools for managing on-premises VMware environments.
  • Modernization of your application workloads by adopting Azure services and without facing interruptions.
  • Convenience, especially for running Windows and SQL Server workloads. Customers who adopt this solution are entitled to three years of free extended security updates for Windows Server and SQL Server. Furthermore, because it is in effect an Azure service, Azure VMware Solution supports Azure Hybrid Benefit, which allows you to maximize the investments made in local Windows Server and SQL Server licenses during the migration or extension to Azure. Finally, you can get a financial benefit by buying Reserved Instances (for 1 or 3 years) to save on the cost of the Azure VMware Solution.

Features of the solution

The Azure Private Cloud infrastructure contains vSphere clusters on dedicated bare-metal systems, able to scale from 3 to 16 hosts. It also provides the ability to have multiple clusters in a single Azure Private Cloud. The hosts are high-end and equipped with two 18-core, 2.3 GHz Intel processors and 576 GB of RAM.

Storage

Azure Private Clouds provide cluster-level storage using VMware vSAN software-defined technology. All local storage of each host in a cluster is used in a vSAN datastore, and at-rest data encryption is enabled by default. The vSAN datastore also enables deduplication and data compression.

All disk groups use an NVMe cache of 1.6 TB with a raw capacity of 15.4 TB per host, based on SSD disks. The raw capacity of a cluster is the capacity per host multiplied by the number of nodes.

You can use Azure storage to extend the storage capacity of these private clouds. For more information about storage, see the Microsoft-specific documentation.

Networking

The solution offers a private cloud environment accessible from on-premises and Azure-based resources. Services like Azure ExpressRoute, VPN connections or Azure Virtual WAN are required to ensure connectivity.

In particular, ExpressRoute is used to connect physical components to the Azure backbone. Since Virtual Network Gateways connected to an ExpressRoute circuit cannot pass traffic between two circuits (one circuit will go to the on-premises environment and one will go to the Azure VMware solution), Microsoft uses the ExpressRoute Global Reach feature to directly connect the local circuit to AVS.

Figure 3 – Azure VMware Solution Networking

If ExpressRoute Global Reach cannot be activated, you can evaluate a routing solution using third-party network virtual appliances (NVAs) or Azure Virtual WAN. In the NVA scenario, Azure Route Server becomes useful, because it simplifies dynamic routing between the NVA and the Azure virtual network. Azure Route Server allows you to exchange routing information directly through the Border Gateway Protocol (BGP) between any NVA (which supports this protocol) and the Azure virtual network, without the need to configure or maintain routing tables.

When you activate an Azure Private Cloud with Azure VMware Solution, private networks are created for management, provisioning and vMotion functionality.

For further information on networking, see the Microsoft documentation and this document, which gives more details on possible scenarios to ensure connectivity.

Access and security

To achieve greater security, the private clouds of the Azure VMware solution use vSphere role-based access control. vSphere SSO LDAP features can be integrated with Azure Active Directory. For more information on this, see this Microsoft document.

Management of updates and maintenance of the solution

One of the main advantages of this solution is that the platform is maintained by Microsoft and automatic and regular updates are included, providing the latest feature sets and increased security and stability.

The components of the Azure VMware solution that are subject to updates are as follows:

  • vCenter and ESXi
  • vSAN
  • NSX-T
  • Underlying hardware with bare metal node and network switch drivers and firmware

The following updates are applied to the Azure VMware solution:

  • Security patches and bug fixes released by VMware.
  • Major and minor version updates of VMware components.

In addition to performing updates, the Azure VMware solution also provides a backup of the configuration of the following VMware components:

  • vCenter Server
  • NSX-T Manager

More details about maintenance and platform updates can be found in this Microsoft article.

Support and Responsibility

Azure VMware Solution is validated, supported and certified by VMware and Microsoft. Support for the solution is provided by Microsoft, which is always the first and only point of contact for the customer. If necessary, Microsoft will coordinate with VMware support for specific issues regarding VMware solutions.

Azure VMware Solution uses a shared responsibility model according to the following matrix:

Figure 4 – Azure VMware Solution: shared responsibility matrix

Solution security

Azure VMware Solution can count on a high degree of security consisting of the following factors:

Figure 5 – Factors that make up the security of Azure VMware Solution

Solution availability

The solution can be adopted in production environments and is currently available in several Azure regions, listed at this link.

Solution monitoring

The solution can be fully monitored via Azure Monitor, which automatically starts collecting its logs after the solution is activated in the Azure subscription. Furthermore, you can install the Azure Monitor agent on Linux and Windows virtual machines hosted in the private clouds of the Azure VMware solution, and you can also enable the Azure diagnostics extension.

Conclusions

Thanks to the close collaboration between Microsoft and VMware, this solution offers customers who already have an on-premises VMware environment the same possibilities in the Microsoft public cloud, while being able to adopt the wide range of services offered by Azure. Furthermore, this solution allows you to take advantage of a consistent operating model that can increase the agility, deployment speed and resiliency of your business-critical workloads.
