Category Archives: Cloud & Datacenter Management

5 reasons to choose Azure VMware Solution over other VMware solutions in the cloud

Broadcom’s acquisition of VMware is causing significant upheaval among organizations that use VMware solutions, pushing them to explore alternatives to counteract changes in licensing policies and uncertainties about the continuity of products and services. In this context of uncertainty, VMware solutions on public clouds are gaining relevance as valid options to consider in certain scenarios. Microsoft, through Azure VMware Solution (AVS), offers a promising option. However, it is essential to recognize that similar alternatives are also offered by other cloud giants such as AWS, Google Cloud, and Oracle Cloud. This article aims to analyze the unique advantages of AVS, demonstrating why it can be considered the most advantageous choice for organizations in this delicate transition period.

Use Cases for Azure VMware Solution

Azure VMware Solution (AVS) is not suitable for all types of customers but can be ideal in specific adoption scenarios that require particular features and benefits. The main scenarios in which AVS is chosen include:

  • Disaster Recovery and Business Continuity: AVS offers interesting features for those who intend to undertake a path towards disaster recovery and business continuity.
  • Expansion, reduction, or consolidation of the datacenter: whether it’s about expanding existing capacity, reducing physical footprint, or consolidating infrastructures, AVS can facilitate these processes.
  • Simple and fast migration of workloads to Azure: for companies seeking a rapid and seamless transition of their existing VMware workloads to the cloud, AVS offers an optimal solution without the need for complex new configurations.
  • Application Modernization: although less common, application modernization becomes an accessible possibility once the AVS environment is operational. This scenario allows for agile leveraging of Azure’s extensive service ecosystem to innovate and improve existing applications.

These scenarios demonstrate how AVS is particularly suited for large companies that require specific continuity, scalability, and modernization solutions within their VMware ecosystem.

Key Benefits of Azure VMware Solution

1. Azure Hybrid Benefit

One of the main benefits of choosing AVS is the Azure Hybrid Benefit. This program allows companies to use their existing Windows Server and SQL Server licenses with Software Assurance to save significantly on costs. This approach not only reduces expenses but also maximizes the investments already made in software licenses, providing a substantial economic advantage over other platforms that do not offer similar options.

2. Free Extended Security Updates (ESU)

Azure also stands out for offering free Extended Security Updates (ESU) for Windows Server and SQL Server 2012 and 2012 R2, extending protection up to three years beyond the product’s extended support end date at no additional cost. This opportunity is particularly relevant for companies that continue to use legacy applications, representing an exclusive advantage over competitors like AWS and Google. ESUs act as a temporary bridge to ensure security during the transition period towards more modern and supported platforms.

3. Integration with other Azure services

Another advantage of Azure VMware Solution (AVS) is its native integration with a wide variety of Azure services, including those related to artificial intelligence through Azure AI. This synergy allows companies to easily integrate advanced AI features into their applications, leveraging Azure’s infrastructure to innovate and enhance their service offerings.

4. Global availability

In terms of geographical availability, AVS has a significantly broader presence compared to competing solutions, with 30 public cloud regions available, including the North Italy region. This number is higher compared to competitors, with VMware Cloud on AWS available in 23 regions and Google Cloud VMware Engine in 19. This extensive network of available regions offers greater flexibility and facilitates better proximity to customers, effectively meeting the local needs of companies.

5. Price protection and savings

Azure promotes the adoption of Azure VMware Solution (AVS) with advantageous price protection policies and saving opportunities. Companies can take advantage of the Reserved Instances option to fix prices for periods of one, three, or five years, thus ensuring predictable costs in the long term. Furthermore, until December 31, 2024, there is a special offer that provides a 20% discount on the purchase of new annual Reserved Instances for the Azure VMware solution. It is important to note that the option for five-year Reserved Instances will only be available until the same date, offering an additional opportunity to plan long-term investments under economically favorable conditions.

Conclusion

Choosing Azure VMware Solution over the offerings of other cloud service providers is not just a matter of comparing technical features but also of evaluating economic benefits, security, integration, and global availability. For companies looking to optimize their VMware investment in the cloud, AVS represents a highly advantageous solution, leveraging the Azure ecosystem to provide superior service. With these strengths, Azure positions itself as a leader in the transition towards VMware-based cloud environments.

Business Continuity and Disaster Recovery (BCDR) Strategies for Azure Stack HCI

Azure Stack HCI is a cutting-edge solution in the hyper-converged infrastructure landscape, designed to offer businesses the flexibility to integrate their on-premise infrastructure with the capabilities of Azure cloud. This platform stands out for its ability to optimize resources, enhance operational efficiency, and ensure simplified management through advanced virtualization, storage, and networking technologies. In an increasingly digitalized context, where operational continuity and rapid response capabilities to potential disasters are essential, Azure Stack HCI emerges as the ideal solution to meet these challenges, ensuring organizations remain resilient, operational, and competitive, even in the face of unforeseen events and calamities. This article aims to explore the main Business Continuity and Disaster Recovery (BCDR) strategies that can be implemented with Azure Stack HCI, highlighting how this platform can be a fundamental element for a robust IT infrastructure.

Overview of Azure Stack HCI

Azure Stack HCI is an innovative solution from Microsoft that allows the implementation of a hyper-converged infrastructure (HCI) in an on-premise environment, while simultaneously providing a strategic connection to Azure services. This platform supports Windows and Linux virtual machines, as well as containerized workloads, along with their storage. As a hybrid product par excellence, Azure Stack HCI enhances integration between on-premise systems and Azure, offering access to various cloud services, including monitoring and management.

This hybrid model simplifies the adoption of advanced scenarios like disaster recovery, cloud backup, and file synchronization, facilitating the expansion of business operations into the cloud as needed. The main advantages of Azure Stack HCI include reduced IT complexity, cost optimization through more efficient resource use, and the ability to rapidly adapt to the continuously evolving business needs.

Figure 1 – Overview of Azure Stack HCI

For a detailed exploration of the Microsoft Azure Stack HCI solution, I invite you to read this article or view this video.

The Importance of Business Continuity and Disaster Recovery

The strategies of Business Continuity and Disaster Recovery are crucial in the context of Azure Stack HCI for several reasons.

Having solid BC and DR strategies ensures that, even in the face of hardware failures, natural disasters, cyberattacks, or other forms of disruptions, critical operations can continue without substantial interruptions. This not only protects the reputation and continuity of the business, but also ensures that critical data is protected and recoverable, minimizing the risk of financial and data loss.

Moreover, in an environment increasingly dependent on data and applications for daily operations, IT resilience becomes a competitive factor. Implementing effective BC and DR strategies in Azure Stack HCI lets an organization demonstrate reliability and resilience to stakeholders, including customers, partners, and employees, strengthening confidence in the operational model.

For these reasons, BC and DR are fundamental elements of the IT strategy in Azure Stack HCI, ensuring that business operations can withstand and quickly recover from disruptions, thus protecting the operational integrity of the organization.

Risk Assessment and Business Impact

In the realm of IT infrastructure management, the ability to anticipate and effectively respond to potential risks is crucial for maintaining business continuity. The optimal adoption of Azure Stack HCI requires a thorough analysis and a well-defined mitigation strategy. In this section, we explore the essential steps for identifying risks, assessing business impact, and establishing recovery priorities, key elements for successfully implementing an effective Business Continuity and Disaster Recovery (BCDR) strategy in the Azure Stack HCI environment.

Risk Identification

Risk assessment for the Azure Stack HCI environment must rely on meticulous analysis to identify potential risks that can threaten the integrity and operational continuity of the infrastructure. These risks can vary from natural disasters such as floods and earthquakes to hardware failures, network disruptions, cyberattacks, and software issues. It is essential to perform a targeted assessment to identify and classify risks, thus creating a solid foundation for strategic planning and mitigation.

Business Impact Analysis

Next, it is necessary to proceed with assessing the impact that each identified risk can have on business operations. This process, known as Business Impact Analysis (BIA), focuses on the extent of disruption each risk can cause, evaluating consequences such as loss of critical data, disruption of essential services, financial impact, and loss of reputation. The goal is to quantify the Maximum Tolerable Downtime (MTD) for each critical business function, in order to establish recovery priorities and the most appropriate response strategies.

Recovery Priorities

Based on the Business Impact Analysis, recovery priorities are established to ensure that resources and efforts are focused on restoring the most critical functions for business operations. This approach ensures that recovery time objectives (RTOs) and recovery point objectives (RPOs) are aligned with business needs and expectations.

Business Continuity and Disaster Recovery Strategies

The Business Continuity strategies for Azure Stack HCI aim to create a highly available and resilient environment, thus ensuring the continuity of business activities. Concurrently, the Disaster Recovery (DR) strategies are designed to ensure a quick and efficient resumption of IT operations following critical events. In the following paragraphs, we explore the key aspects to consider for effectively implementing these strategies.

Redundancy and High Availability

Redundancy and high availability are fundamental components of Business Continuity strategies in Azure Stack HCI. Implementing redundancy means duplicating critical system components, such as servers, storage, and network connections, to ensure that in the event of a component failure, another can take its place without interruption. Azure Stack HCI supports high availability configurations through failover clusters, where computing and storage resources are distributed across multiple nodes. In case of a node failure, workloads are automatically shifted to other available nodes in the cluster, thus maintaining operations without downtime. This configuration not only protects against hardware failures but also ensures resilience against operating system-level disruptions.

Backup and Recovery

Regarding backup and recovery, it is essential to implement a strategy that ensures data protection and the ability to quickly restore data after an interruption. Azure Stack HCI integrates with most backup solutions, ensuring security and reducing the risk of data loss. It is recommended to schedule regular backups, adapting them to the frequency of data changes and specific business needs. Additionally, it is advised to regularly test restores to ensure that data can indeed be recovered within the time specified by the Recovery Time Objective (RTO).
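The consistency checks implied by the Business Impact Analysis, Recovery Priorities and Backup and Recovery sections can be automated. The following is an added example, not part of the original article or of any Microsoft tooling: it takes a constructed BIA table and flags workloads whose RTO exceeds the MTD, whose backup interval exceeds the RPO, or whose restore test is missing, stale or slower than the RTO. The workload names, field names, finding labels and the 90-day restore-test window are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Assumption: a restore test older than this no longer counts as evidence.
MAX_TEST_AGE = timedelta(days=90)


@dataclass
class Workload:
    name: str
    mtd: timedelta                # Maximum Tolerable Downtime (from the BIA)
    rto: timedelta                # Recovery Time Objective
    rpo: timedelta                # Recovery Point Objective
    backup_interval: timedelta    # time between scheduled backups
    last_restore_test: Optional[datetime] = None       # None = never tested
    last_restore_duration: Optional[timedelta] = None  # measured in that test


def findings(w: Workload, now: datetime) -> List[str]:
    """Return the BCDR inconsistencies for one workload, in a fixed order."""
    out: List[str] = []
    # An RTO longer than the MTD means the plan itself accepts an
    # outage the business has declared intolerable.
    if w.rto > w.mtd:
        out.append("RTO_EXCEEDS_MTD")
    # Worst-case data loss equals the gap between two backups.
    if w.backup_interval > w.rpo:
        out.append("BACKUP_INTERVAL_EXCEEDS_RPO")
    if w.last_restore_test is None or w.last_restore_duration is None:
        out.append("RESTORE_NEVER_TESTED")
    else:
        if now - w.last_restore_test > MAX_TEST_AGE:
            out.append("RESTORE_TEST_STALE")
        # The measured restore time, not the planned one, must fit the RTO.
        if w.last_restore_duration > w.rto:
            out.append("RESTORE_SLOWER_THAN_RTO")
    return out


def audit(workloads: List[Workload], now: datetime) -> Dict[str, List[str]]:
    """Map workload name -> findings, omitting workloads with none."""
    report = {}
    for w in workloads:
        result = findings(w, now)
        if result:
            report[w.name] = result
    return report


def recovery_order(workloads: List[Workload]) -> List[str]:
    """Recovery priority: shortest MTD first, ties broken by RTO then name."""
    ranked = sorted(workloads, key=lambda w: (w.mtd, w.rto, w.name))
    return [w.name for w in ranked]


# Constructed sample data (not taken from any real environment).
NOW = datetime(2024, 6, 1)
SAMPLE = [
    Workload("file-share", mtd=timedelta(hours=24), rto=timedelta(hours=8),
             rpo=timedelta(hours=4), backup_interval=timedelta(hours=24),
             last_restore_test=datetime(2024, 1, 5),
             last_restore_duration=timedelta(hours=10)),
    Workload("erp-sql", mtd=timedelta(hours=4), rto=timedelta(hours=2),
             rpo=timedelta(minutes=15), backup_interval=timedelta(minutes=15),
             last_restore_test=datetime(2024, 5, 10),
             last_restore_duration=timedelta(minutes=90)),
    Workload("avd-session-hosts", mtd=timedelta(hours=8),
             rto=timedelta(hours=12), rpo=timedelta(hours=24),
             backup_interval=timedelta(hours=24)),
]

if __name__ == "__main__":
    print("Recovery order:", ", ".join(recovery_order(SAMPLE)))
    for name, issues in audit(SAMPLE, NOW).items():
        print(f"{name}: {', '.join(issues)}")
```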

Operational Continuity Testing

To validate the effectiveness of continuity strategies, it is crucial to regularly conduct operational continuity tests. These tests not only include backups and restores but also assess the ability of the infrastructure to function in conditions of partial or total failure. It is important to conduct targeted tests during the initial validation phase of the environment and to repeat them periodically in different scenarios to ensure that redundancy mechanisms function as expected.

Disaster Recovery Sites and Processes

Azure Stack HCI supports various disaster recovery site configurations to increase resilience. On-premise disaster recovery sites can be configured through stretched clusters that distribute the workload across multiple geographic sites, ensuring operational continuity even in the event of a complete failure of one of the sites.

Figure 2 – Comparison of types of stretched clusters

Alternatively, disaster recovery sites on Azure offer the flexibility to utilize cloud capacity for rapid recovery, enabling effective management of Disaster Recovery (DR) with virtual resources that can be quickly scaled.

Figure 3 – Hybrid features of Azure Stack HCI with Azure services

The disaster recovery process in Azure Stack HCI must be designed to ensure a quick and efficient resumption of IT operations after a critical event. This may include configuring failover mechanisms that leverage specific solutions, such as Azure Site Recovery (ASR), to orchestrate the recovery of virtual machines and services. With ASR, recovery can also be tested in a sandbox environment, thus ensuring the integrity of the process without impacting the production environment.

Automation and Documentation

Automation plays a key role in disaster recovery processes for Azure Stack HCI. By using tools such as Azure Site Recovery and Azure Automation, customers can automate the failover and failback process, reducing human error and accelerating recovery times. Automation ensures that each step of the DR plan is executed consistently and in accordance with defined standards.

Concurrently, detailed documentation of all disaster recovery procedures is essential. This should include recovery plans, system configurations, operational instructions, and key contacts. Documentation must be easily accessible and regularly updated to reflect any changes in the infrastructure or procedures. Having comprehensive and up-to-date documentation is crucial for ensuring an effective response during a disaster and for facilitating ongoing reviews and improvements to the DR plan.

Monitoring and Management Tools

The management of Azure Stack HCI is conducted using widely recognized tools such as Windows Admin Center, PowerShell, System Center Virtual Machine Manager, and third-party applications. The integration between Azure Stack HCI and Azure Arc allows for extending cloud management practices to on-premises environments, significantly simplifying use and monitoring. In particular, the Azure Stack HCI Insights solution offers an in-depth view of the health, performance, and utilization of Azure Stack HCI clusters.

Figure 4 – Azure Stack HCI monitoring

These tools provide detailed and simplified management of the platform, including configuration and monitoring of BCDR functions, facilitating daily operations and ensuring a timely response in case of emergencies.

Conclusions

Business Continuity and Disaster Recovery strategies are essential in the context of Azure Stack HCI, which not only protects businesses from interruptions and disasters but also drives innovation and operational efficiency. Integration with Azure services enhances the resilience and risk management of Azure Stack HCI. This platform offers a solid architecture and allows integration with advanced features for backup and recovery, supporting businesses in ensuring data continuity and integrity. Azure Stack HCI thus proves to be not only a modern infrastructure solution but also a pillar for corporate IT resilience.

Strategic Integration Between Azure Stack HCI and Azure Virtual Desktop

In the current context of continuous technological evolution, the importance of resilient, scalable, and secure infrastructure solutions has never been more apparent. Microsoft’s Azure Stack HCI emerges as a key player in this landscape, offering a powerful hybrid platform that bridges on-premises environments and the cloud. With the integration of Azure Virtual Desktop (AVD), this solution becomes even more strategic for companies looking to navigate the complexities in the field of desktop and application virtualization, extending the capabilities of Microsoft’s managed cloud service to the hybrid cloud environment. Through this approach, organizations can now deploy virtual desktops and applications more efficiently, while ensuring low-latency connectivity and access to Azure’s managed services for leading-edge management, security, and scalability. This article will explore in detail the features, benefits, and innovations of Azure Virtual Desktop on Azure Stack HCI, providing a comprehensive overview of how these technologies can transform company IT infrastructures to better face the challenges of the modern work world.

Overview of Azure Stack HCI and Azure Virtual Desktop

What is Azure Stack HCI?

Azure Stack HCI is an innovative solution from Microsoft that enables the implementation of a hyper-converged infrastructure (HCI) for running workloads on-premises while maintaining a strategic connection to Azure services. This system eliminates the need for various traditional hardware components, opting instead for a software solution that integrates computing, storage, and networking into a single platform. This marks an evolution from traditional “three-tier” infrastructures, characterized by network switches, appliances, physical systems with hypervisors, storage fabric, and SAN, to a more simplified and efficient solution. Azure Stack HCI offers an infrastructure powered by a hyper-converged model, which supports both Windows and Linux virtual machines as well as containerized workloads, together with their storage. As a quintessential hybrid product, Azure Stack HCI facilitates the integration between on-premises systems and Azure, allowing access to cloud-based services, monitoring, and management. This gives organizations the agility and benefits typical of public cloud infrastructure, while effectively responding to use cases and regulatory requirements of specialized workloads that need to remain on-premises. Azure Stack HCI thus positions itself as a strategic choice for organizations aiming to combine cloud efficiency with the specific needs of the on-premises environment.

What is Azure Virtual Desktop?

Azure Virtual Desktop is a state-of-the-art VDI (Virtual Desktop Infrastructure) solution, cloud-based, designed to effectively meet the needs of modern work, whether remote or hybrid. Unique in its kind, it is fully optimized to leverage the multi-session capabilities of Windows 11 and Windows 10, ensuring optimal integration and efficiency. Additionally, Azure Virtual Desktop stands out for its robust security features, designed to protect corporate applications and data while ensuring compliance with current regulations. The platform is designed to significantly simplify the deployment and management of the VDI infrastructure, offering complete control over configuration and management. Thanks to its consumption-based pricing structure, it allows for reduced operational costs, leveraging investments and skills already acquired in the field of virtualization, paying only for the resources actually used.

What is Azure Virtual Desktop for Azure Stack HCI?

Azure Virtual Desktop for Azure Stack HCI represents an innovative technological solution that integrates the distinctive benefits of Azure Virtual Desktop and Azure Stack HCI. This integration offers organizations the flexibility to run virtualized desktops and applications securely not only in the cloud but also on-premises. Particularly suitable for entities with specific data residency requirements, latency sensitivity, or data proximity needs, Azure Virtual Desktop for Azure Stack HCI extends the capabilities of the Microsoft Cloud to corporate datacenters, promoting an IT environment more adaptive and responsive to business needs.

Key Features and Benefits

The main features and benefits of this solution include:

  • Performance optimization: enhances the user experience of Azure Virtual Desktop in regions with limited connectivity to the Azure public cloud, offering session hosts in physical proximity to users.
  • Compliance with data locality requirements: allows organizations to meet data residency requirements, keeping the data of applications and users on-premises. This aspect is crucial for companies operating in regulated sectors or with specific data privacy and security needs.
  • Access to legacy resources: facilitates access to legacy applications and data sources by keeping them in the same physical location as virtualized desktops and apps.
  • Full and efficient Windows experience: ensures a smooth and complete user experience thanks to compatibility with Windows 11 and Windows 10 Enterprise multi-session, while optimizing operational costs.
  • Unified management: simplifies the deployment and management of the VDI infrastructure compared to traditional on-premises solutions, using the Azure portal for centralized and integrated control.
  • Optimal network performance: ensures the best connection performance with RDP Shortpath, reducing latency and improving user access to virtualized resources.
  • Simple updates: allows for quick and simple deployment of the latest fully updated images through the use of Azure Marketplace images, thus ensuring that the virtual environment remains secure and up-to-date.

Azure Virtual Desktop for Azure Stack HCI is configured as a highly scalable and secure solution that enables companies to effectively address challenges related to data management, latency, and compliance, promoting an optimized and centrally manageable virtual work environment.

Integration Mechanisms

The main mechanisms through which AVD integrates with Azure Stack HCI include:

  • Virtual machines as Session Hosts: the virtual machines (VMs) created on Azure Stack HCI act as session hosts for AVD. These VMs are managed just like any Azure VM but are located on-premises.
  • Azure managed components: AVD on Azure Stack HCI uses Azure managed components, such as brokerage and gateway services, while deploying session host pools directly on Azure Stack HCI clusters.
  • System requirements: to implement this configuration, you need to have Azure Stack HCI version 23H2 or higher. Additionally, you must have a Windows image for the VMs and a logical network that supports DHCP on Azure Stack HCI.

Deployment and Management

Here is how the deployment and management of AVD in this hybrid context works:

  • Location definition: deploying on Azure Stack HCI requires defining a custom location that represents the Azure Stack HCI cluster during the creation of resources on Azure. This step is crucial to ensure that resources are correctly associated with the desired physical infrastructure.
  • Configuration of Session Host pools: session host pools can be made up of VMs located in the Azure cloud or on a specific Azure Stack HCI cluster. It is important to note that VMs from both origins cannot be combined within a single pool.
  • Consistent management: the management of session hosts and user identities remains in line with standard Azure Virtual Desktop practices. User identities must be hybrid, synchronized between on-premises AD and Microsoft Entra ID.

Licensing and Pricing

To implement Azure Virtual Desktop on Azure Stack HCI, it is essential to understand and ensure compliance with the necessary licenses and pricing models. Here are the three main components that influence the cost of Azure Virtual Desktop on Azure Stack HCI:

  1. Infrastructural costs: these costs directly relate to the Azure Stack HCI infrastructure on which Azure Virtual Desktop is run. More information on the Azure Stack HCI cost model can be found in this article.
  2. User access rights: the same licenses that grant access to Azure Virtual Desktop on Azure also apply to Azure Virtual Desktop for Azure Stack HCI. It is important to note that user access pricing for external users is not supported on Azure Virtual Desktop for Azure Stack HCI.
  3. Hybrid service rate: this is an additional rate that applies to each active virtual CPU (vCPU) on Azure Virtual Desktop session hosts operating on Azure Stack HCI. The rate for the hybrid service is $0.01 per vCore per hour of use.

Conclusions

The innovative contribution of Azure Stack HCI, further enhanced by the integration with Azure Virtual Desktop, marks a fundamental turning point for organizations aspiring to an advanced and hybrid IT infrastructure. Azure Stack HCI establishes itself as the backbone of this transformation, offering optimized management of on-premises workloads, together with the flexibility and efficiency characteristic of the cloud. The implementation of Azure Virtual Desktop on Azure Stack HCI proves ideal for organizations that wish to leverage the potential of the cloud, while maintaining the specific needs of on-premises environments. This solution sets a new standard in the sector of hybrid VDI solutions, proposing an effective balance between innovation and customization.

Impact of Broadcom’s acquisition of VMware and Microsoft’s alternative solutions

The tech industry witnessed one of the most significant mergers in recent times in November 2023, with Broadcom’s acquisition of VMware. This historic deal, now known as “VMware by Broadcom,” immediately raised questions and sparked interest among customers and industry analysts. Indeed, in an ever-evolving technological landscape, the repercussions of such a merger extend well beyond the walls of VMware and Broadcom, directly affecting existing customers and the global market for cloud services and IT infrastructure. Amidst a sea of changes, including shifts in licensing policies and potential uncertainty about the continuity of products and services offered, a clear need emerges for organizations to carefully assess their options.

It is in this context that Microsoft emerges as a key player, offering alternative solutions that promise not only to mitigate the risks associated with this major acquisition but also to provide new opportunities for growth and innovation. With a wide range of cloud services, virtualization tools, and infrastructure solutions, Microsoft stands out as a solid reference point for those seeking stability and reliability in a rapidly evolving IT landscape.

This article aims to explore in detail the impact of Broadcom’s acquisition of VMware, highlighting the main concerns of customers and outlining how Microsoft’s proposed alternative solutions can represent a strategic way out for organizations facing this significant change.

Main Customer Concerns

The following paragraphs report the main concerns raised by customers following Broadcom’s acquisition of VMware.

Transition from Perpetual Licenses to Subscriptions

A significant change introduced by Broadcom involves the transition from perpetual licenses, once a cornerstone of VMware’s offering, to a subscription-based model. This move raises concerns about long-term costs, as the recurring expenses of subscriptions can accumulate and exceed the one-time costs of perpetual licenses. Moreover, there is fear that customers may lose control over software versions and be subject to additional costs for updates.

Lack of Price Transparency

Customers express concerns about the lack of transparency in the pricing structure post-acquisition. Broadcom has announced reductions in “unit cost” but without providing clear details, raising fears of hidden costs and of bundled services that were not requested. This uncertainty makes it difficult for customers to predict their future expenses.

Risk of Product Discontinuity

Broadcom’s history of optimizing product portfolios through the elimination of less profitable offerings has fueled concern over the potential discontinuity of popular VMware products. A case in point was the announcement of the end of availability of the free hypervisor vSphere (ESXi 7.x and 8.x), which has created uncertainty and pushed customers to evaluate alternative solutions.

Reduced Choice and Vendor Lock-in

The elimination of some products and increased dependence on Broadcom’s offerings can limit customers’ options, increasing the risk of lock-in with a single vendor. This scenario raises concerns about a possible increase in costs and a reduction in bargaining power.

Concerns about Reduced R&D

There is a strong concern that Broadcom’s historically cost-cutting approach could limit investments in research and development (R&D), compromising the innovation that has characterized VMware’s success. Memories of past acquisitions, where Broadcom cut R&D budgets, fuel fears about the future competitiveness and vitality of VMware products.

Impact on the VMware Ecosystem

Forrester Research Prediction

Forrester Research has predicted that about 20% of VMware’s enterprise customers may decide to abandon the VMware stack, driven by concerns related to the acquisition. This significant percentage of customers is looking for alternatives to meet their needs in areas such as virtualization, cloud environment management, remote access for end-users, and hyper-converged infrastructure solutions.

VMware Product Strategy and Focus

VMware has responded by simplifying its product portfolio, focusing the offering on three main areas: VMware Cloud Foundation, VMware vSphere Foundation, and additional services. This simplification aims to make the technological path clearer for customers, while keeping integrations with major cloud providers such as Azure, AWS, and Oracle unchanged. Moreover, for smaller implementations, VMware has kept the vSphere Standard and the vSphere Essentials Plus Kit, offering accessible options without overwhelming customers with an overly broad range of products.

Pricing and Offers

Despite the changes, VMware maintains a constant in its pricing strategy and offerings, opting for a subscription model that allows customers to align costs with the actual use of the software. This approach includes:

  • Subscription model: Allows paying for software based on actual use, aligning costs with real needs and avoiding large initial capital expenses (CAPEX). With terms of 1, 3, and 5 years, it offers the possibility to choose the duration of the subscription that best suits the organization’s needs and budget forecasts.
  • Core-based pricing: Rates are determined by the number of CPU cores used by the virtual machines, ensuring a cost allocation proportional to the resources used. A key aspect of the pricing model is the minimum threshold, which is equal to 16 cores per CPU.

Microsoft’s Alternative Solutions

Microsoft emerges as a key partner for customers looking for alternatives, offering innovative solutions for the migration and modernization of IT infrastructure. With an approach focused on innovation and flexibility, Microsoft primarily proposes the following solutions that can meet different needs and scenarios.

Azure Stack HCI: Bringing Azure into your data center with a hybrid infrastructure

Azure Stack HCI is Microsoft’s solution for creating an efficient and modern hyper-converged (HCI) infrastructure, suitable for running workloads in an on-premises environment with tight integration with Azure services. This solution is designed to facilitate the modernization of hybrid data centers, allowing users to enjoy a cohesive and familiar Azure experience even on-premises. Azure Stack HCI aims to simplify IT infrastructure management while improving efficiency and operational agility. For a detailed exploration of the Microsoft Azure Stack HCI solution, I invite you to read this article or watch this video. Additionally, for scenarios where a constant connection cannot be guaranteed (“disconnected” scenarios), it is possible to implement virtualization, storage, and network management solutions that leverage the recent and innovative technologies included in Windows Server, whose new 2025 version will soon be launched.

Figure 1 – Azure Stack HCI overview

Azure VMware Solution (AVS): VMware in Microsoft’s data centers for enterprise realities

Azure VMware Solution leverages VMware technology on Azure to maintain symmetry with on-premises VMware environments, thereby accelerating the migration of VMware workloads to the Azure cloud with minimal adjustments. AVS facilitates the management of a hybrid cloud environment, offering private clouds in Azure, built on dedicated Azure infrastructure and bare-metal. Managed and supported directly by the Azure team and validated by VMware, this solution frees organizations from managing infrastructure and software. AVS includes essential VMware licenses such as vSphere, vSAN, NSX, and vMotion (VMware HCX), significantly simplifying migration and integration with Azure. For more details on the solution, you can consult this article on How to natively run VMware workloads in Azure.

Moreover, the Azure VMware Solution was recently made available in the Azure region of Northern Italy. This expansion allows customers in Italy to seamlessly integrate their VMware workloads with Azure services, leveraging the global scale, security, and performance of Azure while maintaining the VMware tools and skills they are accustomed to.

Figure 2 – Azure VMware Solution (AVS) overview

A particularly relevant aspect for organizations using Windows Server 2012 and 2012 R2 systems is the continuity of support in terms of security updates. Azure VMware Solution offers a significant advantage in this area: Extended Security Updates (ESU) for these systems are available at no additional cost when run on Azure VMware Solution. The provision of free ESU in Azure VMware Solution removes a common concern among many organizations regarding the costs and complexity associated with maintaining older systems in a secure environment. This approach allows companies to plan their migration and modernization of workloads with greater peace of mind, knowing that their Windows Server 2012 and 2012 R2 systems will continue to receive the necessary security updates for another 3 years during the transition to more recent technologies.

Azure VMware Solution not only facilitates the migration and integration of VMware environments with the Azure cloud but also provides essential support for managing legacy operating systems, offering a secure path to technological innovation and modernization without compromising security or operational stability.

Azure IaaS and PaaS: Migration and Modernization with Azure

For organizations aiming for a more radical modernization, Microsoft proposes migration to Azure IaaS (Infrastructure as a Service) and PaaS (Platform as a Service). This strategy allows migrating, restructuring, and rewriting applications leveraging modern architectural models. Azure IaaS ensures the management and execution of applications on a reliable cloud infrastructure, with a focus on security and compliance. Azure PaaS options further accelerate application development, providing a rich variety of tools. These platforms facilitate the quick creation of applications, support for development across different platforms, and the use of advanced resources in a cost-effective manner thanks to a payment model based on actual use. Modernization with Azure IaaS and PaaS offers a smooth transition to a flexible infrastructure, eliminating the need for VMware licenses.

Figure 3 – Moving to Azure IaaS and PaaS

Conclusions

Broadcom’s acquisition of VMware represents a significant turning point for the tech industry, marking the beginning of a new era of uncertainty and opportunity. While this merger raises legitimate concerns among customers regarding the continuity of products, price transparency, and the safeguarding of IT investments, it also opens the door to new horizons of growth and innovation. In this context of change, Microsoft stands out as a reference point, offering robust alternative solutions that not only directly address the concerns raised by this situation but also provide an opportunity for organizations to renew and enhance their IT infrastructures with cutting-edge technologies. The solutions proposed by Microsoft, including Azure Stack HCI, Azure VMware Solution (AVS), and migration and modernization options with Azure IaaS and PaaS, represent a strategic response to the challenges posed by the acquisition. These offerings allow organizations to achieve operational continuity, flexibility, and access to an innovative ecosystem that supports growth and innovation.

Windows Server 2025: the arrival of a new era of innovation and security for server systems

Microsoft is set to redefine the future of server operating systems with the announcement of its next major release: Windows Server 2025. This release will represent an evolutionary leap in the field of server operating systems, thanks to the introduction of innovative features that promise to revolutionize server management, their security, and performance. The new version is packed with improvements aimed at increasing operational efficiency and meeting the increasingly complex needs of modern IT environments. In this article, we will explore in detail the key features of Windows Server 2025, analyze its expected launch date, and evaluate its positioning in relation to Azure Stack HCI.

What’s New in Windows Server 2025

The latest version of Windows Server, named “Windows Server 2025,” marks a turning point in the evolution of server operating systems, introducing a wide range of innovations and improvements aimed at meeting the most pressing needs of users and introducing new features to optimize performance, security, and server management. Here is a detailed overview of the main new features integrated into this version:

  • Hot Patching: one of the most anticipated features, hot patching, will be available to all users of Windows Server 2025. This technology allows for updates to be applied in-memory, avoiding the restarts of the traditional patching process, which can disrupt operations. Originally welcomed with enthusiasm by the Xbox team for managing their Azure servers, hot patching has proven to drastically reduce update times. The expansion of hot patching will be linked to the Azure Arc management tool, and will also be accessible for the upcoming Standard and Datacenter editions of Windows Server, on a paid basis, although it is currently available at no additional cost for Azure Edition and Azure Stack HCI users.
  • Next-Generation Active Directory: Windows Server 2025 introduces significant improvements to Active Directory, increasing scalability through the adoption of larger database pages (32k) and improving support for systems with a high number of cores. Numerous security reinforcements have also been implemented, including support for LDAP over TLS 1.3 and a new replication priority feature, making Active Directory more robust and secure.
  • Improved Storage Performance and Flexibility: the new operating system brings significant optimizations for NVMe storage, promising an increase in IOPS of up to 90% compared to the previous version. Support for NVMe over Fabric, improvements for Storage Replica, and a new native deduplication mechanism for ReFS, optimized for active data, have also been introduced.
  • Hyper-V and Artificial Intelligence: with the introduction of GPU partitioning (GPU-P), Windows Server 2025 allows for the sharing of a GPU across multiple virtual machines, ensuring full support for live migration and clustering. Improved support for direct device assignment (DDA) and the introduction of GPU pools for high availability further elevate Hyper-V’s capabilities.
  • Modernized Server Experience: the upgrade to Windows Server 2025 is made simpler through the ability to perform it directly from Windows Update, ensuring a smooth and seamless transition, in line with the commitment to an improved user experience.
  • Enhanced Security and Networking: new security measures have been introduced, including mandatory SMB Signing by default and improvements in protection against brute force attacks on SMB. Advanced networking features have also been introduced, such as intent-based ATC and significant performance improvements to the SDN gateway.
  • Containers and AKS: significant improvements have been made in container management, including reducing the size of the base image and improvements in application compatibility, especially for Nano Server, simplifying and making container use more efficient.
  • Next-Generation File Services: access to SMB over QUIC, previously limited to the Azure edition of Windows Server 2022, is now extended to all editions of Windows Server 2025. This facilitates secure remote access to file servers without the need for VPN, using an always-encrypted protocol that leverages TLS 1.3 for connections, improving security and accessibility.
  • New Pay as You Go Option: Microsoft is planning to sell Windows Server 2025 not only through the traditional perpetual license but also via a pay-as-you-go subscription option. This option will be enabled through Azure Arc, Microsoft’s cloud service management tool, and will be billed through “Azure Commerce.” The subscription-based offering could be used by organizations that have seasonal or burst workloads, offering flexibility in payment based on actual usage.

These innovations reflect Microsoft’s commitment to meeting user needs and driving the technological evolution of servers, with Windows Server 2025 poised to be a milestone in the history of server operating systems.

Windows Server 2025 vs Azure Stack HCI

Azure Stack HCI and Windows Server 2025 represent two fundamental pillars in Microsoft’s virtualization solution offering, each designed to meet different needs within the IT landscape. While Azure Stack HCI positions itself as the cutting-edge solution for hybrid environments, offering advanced integrations with Azure services for optimized management and scalability, Windows Server 2025 continues to be a solid choice for organizations that require more traditional virtualized solutions, with a particular focus on flexibility and management in disconnected scenarios. The choice between these two solutions depends on the specific virtualization needs, the organization’s cloud strategy, and the need for access to advanced management and security features.

In summary:

  • Azure Stack HCI represents Microsoft’s flagship virtualization platform, offering significant hybrid value not present in Windows Server. Its features include Azure Virtual Desktop, free Extended Security Updates (ESU), the Azure edition (with hotpatching), the ability to provision virtual machines directly from the Marketplace, and management through Azure. Azure Stack HCI also stands out for the speed with which it introduces new improvements and features.
  • For customers needing disconnected solutions, Microsoft proposes Windows Server as a virtualization platform. Although it does not have all the advanced features of Azure Stack HCI, Windows Server remains a feature-rich and absolutely valid solution.

Release Date of Windows Server 2025

The new version of Windows Server, named “Windows Server 2025,” is expected in the fall of this year. Although Microsoft has not yet announced an official release date, it is possible to make some predictions based on previous release cycles. The company’s last product, Windows Server 2022, was made available to the public on September 1, 2021. If Microsoft were to follow a similar schedule for its next product, then we could expect Windows Server 2025 to be released in the fall of this year.

Conclusions

Windows Server 2025 represents a significant step forward in Microsoft’s vision for the future of server management, offering a wide range of improvements and new features that promise to optimize the IT infrastructure of companies. The introduction of technologies such as hot patching, next-generation Active Directory, and improvements in the field of storage and artificial intelligence not only enhance security and performance but also management and operational efficiency. With its release expected in the fall of this year, Windows Server 2025 is poised to be a milestone in the evolution of server operating systems, ready to meet the needs of modern IT environments and set new standards for the industry.

Beyond traditional SAN: Azure Elastic SAN and the new era of cloud storage

Microsoft has recently unveiled Azure Elastic SAN, a groundbreaking offering in the cloud computing sector, marking the debut of the first fully managed, cloud-native Storage Area Network (SAN) solution. This initiative aims to radically transform how SANs are deployed, managed, and configured within the cloud ecosystem, promising to revolutionize current practices. Indeed, Azure Elastic SAN stands as a turning point for organizations looking to simplify and optimize the transition of their SAN infrastructures to the cloud, ensuring an unprecedented level of operational efficiency. This article seeks to explore Azure Elastic SAN in detail, highlighting its main innovations, such as the adoption of a resource hierarchy inspired by traditional SANs and the ability to dynamically allocate resources to support a wide range of workloads, from databases and virtual desktop infrastructures to critical business applications. Specific use cases will also be analyzed, illustrating the flexibility and added value Azure Elastic SAN can provide, including advanced data security management and integration with other Azure solutions.

Features of Azure Elastic SAN

Azure Elastic SAN positions itself as a cutting-edge solution, designed to effectively meet the scalability, management, and security needs of modern storage infrastructures. Here are the key features of the solution:

  • Simplified Management: Azure Elastic SAN eliminates the complexity typically associated with configuring and managing a traditional SAN. It offers a fully managed environment, allowing administrators to focus on applications rather than the underlying infrastructure.
  • Dynamic Scalability: A key feature of Azure Elastic SAN is its ability to dynamically scale resources to meet the changing needs of workloads. This includes the ability to increase IOPS (Input/Output Operations Per Second) and bandwidth without interruptions or downtime.
  • High Performance: The solution can support up to 80,000 IOPS per single volume and speeds up to 1,280 MBps. Azure Elastic SAN is designed for high-throughput and IOPS-intensive workloads, ensuring exceptional performance.
  • Security and Compliance: It implements advanced security measures, including server-side encryption with customer-managed keys and support for private endpoints, to ensure data is protected in accordance with company policies and industry regulations.
  • Integration with Azure Monitor and Azure Policy: Azure Elastic SAN integrates closely with other Azure services, such as Azure Monitor for monitoring performance and capacity metrics, and Azure Policy to prevent misconfigurations and potential incidents.

Azure Elastic SAN Resources

Azure Elastic SAN integrates two fundamental components into its architecture: Volume Groups and Volumes, essential for organizing and managing storage. These components work together to replicate the functionality and flexibility of a traditional on-premise SAN, while simultaneously simplifying provisioning and billing management directly from the cloud.

Architecture and Resource Mapping

The structure of Azure Elastic SAN serves as a virtual equivalent of a traditional SAN application, with a direct mapping of its resources to those of a physical SAN:

  • Elastic SAN: Acts as the heart of the infrastructure, similar to an on-premise SAN device, managing billing and provisioning operations.
  • Volume Groups: Function as network nodes, facilitating access and storage management.
  • Volumes: Correspond to the actual storage space, similarly to the physical volumes of an on-premise SAN.

Figure 1 – Relationship and Mapping of Resources of an Azure Elastic SAN to the Resources of an On-Premise SAN

Configuring Elastic SAN

Configuring an Elastic SAN involves determining the infrastructure’s redundancy and provisioning the storage. The configured storage’s capacity and performance define the SAN’s overall capabilities, directly affecting the capacity and performance available for each volume.

Volume Groups and Volumes

Volume Groups are management tools designed for the effective and centralized administration of multiple volumes. Settings and configurations applied to a group, such as virtual network rules, are automatically extended to all associated volumes, facilitating management and scalability.

Use Cases

Azure Elastic SAN stands out not only for its advanced technical features but also for its applicative versatility, making it suitable for a wide range of operational scenarios. Below, we will explore some of the most significant use cases where Azure Elastic SAN demonstrates its added value, highlighting how this solution can be the key to addressing complex challenges and optimizing operations in the cloud:

  • Optimizing SQL databases: Elastic SAN is ideal for databases like SQL Server, where high throughput and IOPS requirements are prevalent. It avoids the need to oversize Azure VMs, thus optimizing performance and reducing costs.
  • Facilitated migration from on-premises SAN to the cloud: Azure Elastic SAN eases the migration of on-premises SAN environments to the cloud, thanks to its IOPS and throughput capabilities, dynamically sharing performance across workloads.
  • Storage consolidation: Enables dynamic sharing of performance across volumes, facilitating the achievement of high performance efficiently and helping to prevent the oversizing necessary to manage traffic peaks.
  • Integration with Azure VMware Solution: Integration with Azure VMware Solution allows for expanding the storage capacity of the solution without needing to increase vSAN storage nodes. This is made possible by presenting an Elastic SAN volume as an external datastore.
  • Support for Azure Container Storage: Elastic SAN supports Azure Container Storage, leveraging the efficiency of the iSCSI protocol. This integration enables significant storage cost reductions through dynamic resource sharing.

For more details on the solution, Microsoft’s official documentation can be consulted, while pricing information can be found on the dedicated page.

Conclusions

Azure Elastic SAN represents a milestone in the landscape of cloud storage solutions, offering companies the opportunity to migrate their on-premises SAN environments to the cloud with unprecedented ease. Its introduction not only simplifies the management and scalability of SANs in the cloud but also opens up new opportunities for performance optimization and cost efficiency. With Azure Elastic SAN, organizations can now make the most of their high-throughput and IOPS-intensive workloads, consolidate storage, and achieve cost efficiency on a large scale, marking the beginning of a new era for cloud storage.

Leveraging Azure infrastructure in Italy: opportunities and strategies for businesses

In the digital era, the evolution of cloud computing represents a crucial turning point for businesses, radically changing the way data, applications, and IT infrastructures are managed. At the heart of this revolution stands Microsoft Azure, a leading cloud platform that offers an extensive assortment of services and solutions, designed to increase efficiency, security, and resilience of workloads. Azure’s availability in Italy presents an opportunity for businesses of all sizes to optimize their IT resources and expand in the digital landscape. This article aims to explore the potential of Azure’s infrastructure in Italy, highlighting how companies can benefit from its innovative services, seizing practical advantages and concrete opportunities that arise from it.

Azure: a flexible ecosystem for innovation

Azure’s philosophy is clear: simplify IT management without sacrificing reliability and efficiency. Microsoft has structured Azure to be a versatile platform, suitable for reducing costs and complexity for customers. This flexibility is manifested in Azure’s ability to integrate with existing environments, whether it be hybrid clouds with VMware and Nutanix, or in the implementation of IaaS and PaaS services for business applications. Microsoft’s approach is to put the customer at the center, offering customized solutions adaptable to every specific need.

Figure 1 – Microsoft Azure: The Infrastructure Designed for Various Workloads

The launch of Azure in Italy: a customer-oriented process

Azure’s service rollout follows a well-defined path. Initially, in the pre-launch phase, Microsoft establishes the ‘Azure Foundational Services’, which include the essential basic infrastructure: computing, storage, and networking. These components constitute the fundamental core of a cloud environment. With the official start of a region, Microsoft enters a new phase, introducing the ‘Azure Mainstream Services’. These services are expanded and adapted to directly meet customer needs, marking a crucial step in tailoring Microsoft’s cloud offering to the specificities of the local market. As the region matures, Microsoft launches the ‘Azure Strategic Services’, designed to meet more complex requirements and cover advanced use scenarios. At this stage, the focus is on close collaboration with customers to optimize workloads and performance, reflecting a continuous commitment to listening and responding to customer needs. Currently, the Azure Italy North region is in a phase of dynamic development, marked by a constant commitment to evolving services. Microsoft aims to grow in harmony with the needs of its customers, aiming not only to meet current needs but also to drive future innovation.

Figure 2 – Phases of Implementing Azure Services in a New Region

Reliability and resilience: a shared commitment and a framework for excellence

Reliability in the cloud is a goal shared by both providers and users. Microsoft commits to providing a resilient foundation for the cloud, but it is up to companies to build robust systems on this foundation. Through the use of Azure, customers have the opportunity to implement resilience solutions, including high availability and disaster recovery, which integrate into their infrastructures to ensure operational continuity and security. The “Azure Well-Architected Framework” plays a crucial role in an effective cloud strategy. This framework guides companies through fundamental practices such as design, testing, and monitoring, emphasizing the need for a conscious approach in design, rigorous testing, and constant control. In this way, companies can ensure they operate in a reliable cloud environment.

Resilience and availability: Multi-Region vs. Single-Region

It is important to clarify a fundamental aspect. Historically, Microsoft Azure has adopted a multi-region design approach to ensure high cloud availability. By implementing multi-region architectures, Azure has allowed customers to distribute workloads across different regions, creating an effective failover architecture in case of interruptions. For example, European businesses have been able to distribute their workloads between West Europe and North Europe. In case of problems in one region, the other can automatically take over, reducing the risk of downtime and ensuring operational continuity.

Figure 3 – Multi-Region Model

The ‘Data Residency Boundary’ demonstrates that, despite geographic distribution, data remains confined within a designated area, ensuring compliance with local regulations. Azure thus meets not only the technical needs for availability but also the legal and compliance requirements of global customers.

However, with Microsoft’s global expansion, there has been an evolution in the design of cloud infrastructures. The Azure North Italy region is an example, adopting a single-region approach with three availability zones and no paired regions, still ensuring excellent service availability and resilience.

Figure 4 – Single-Region Model

The North Italy region, created after careful risk analysis, ensures optimal security and performance. With latencies below 2 milliseconds, it offers synchronous replication of applications and data, maintaining operational continuity and data integrity. Each availability zone has independent data centers with autonomous resources, highlighting Microsoft’s commitment to high operability and service reliability.

Respecting the ‘Data Residency Boundary’ is crucial in Europe, where data protection regulations are stringent. The North Italy region is a model of adaptation to these needs, ensuring that data remains within regional borders and compliant with local laws.

The Azure Italy North Region: an opportunity for Italian businesses

For Italian companies considering the cloud to expand or transfer their IT infrastructure, the Azure North Italy region emerges as a promising choice. For businesses with operational headquarters exclusively in Italy, adopting this region offers tangible benefits, such as reduced latency and high performance, critical aspects for those operating predominantly at the national level. This choice also aligns with EU and Italian data residency regulations.

For customers currently using Azure services in other regions, such as West Europe, the transition to North Italy requires a more in-depth analysis. Key elements to consider include the impact on existing IT infrastructures, operational costs, and application performance. It is also crucial to evaluate latency in interactions between services located in different regions.

Another relevant factor is the need to serve users in geographically distant areas. In such cases, it might be more effective to maintain some services in a region closer to end-users or consider solutions that involve the distribution of Azure services across multiple regions.

The decision on the most suitable Azure region depends on the specific needs of the company and the geographical distribution of users. The advantage of the cloud lies in its flexibility and ability to adapt to various scenarios. Therefore, for Italian companies, both in the initial phase of adopting the cloud and in the expansion phase, the Azure North Italy region represents an option to be carefully considered.

Why choose Azure in northern Italy

Among the main aspects leading to the choice of adopting the Azure region located in Italy are:

  • Opting for a data center located in Italy means that data is physically stored within the country, in compliance with Italian data residency regulations. This choice not only minimizes risks related to data sovereignty but also ensures compliance with national and European Union regulations.
  • Companies can be sure of operating within the data borders of the EU and take advantage of advanced confidential computing capabilities, which provide additional levels of protection for sensitive data.
  • Optimization of performance for applications. Whether it’s Internet of Things (IoT) applications, Virtual Desktop solutions, or hybrid infrastructures, the North Italy region has been designed to support intensive use scenarios and to ensure the necessary performance for these advanced technologies.
  • Energy cost savings and reduced environmental impact. The North Italy region stands out for its energy efficiency, with a Power Usage Effectiveness (PUE) index of 1.12 and a Water Usage Effectiveness (WUE) of 0.023 l/kWh. These figures reflect Microsoft’s commitment to sustainability and energy efficiency.

Conclusions

The presence of Microsoft Azure in Italy represents a valuable resource for local businesses. Azure stands out for its versatility and adaptability, proposing an ecosystem that is easily integrable with various operational contexts and capable of meeting specific business needs, while ensuring efficiency and reliability. The availability of this cloud platform in Italy allows companies to benefit from greater scalability in the digital sector, thanks to reduced latency, high performance, and full adherence to local regulations. A determining factor is compliance and sovereign data management: the Azure Italy North region strictly respects European data protection laws, ensuring that data remains within regional borders and compliant with current regulations. A distinctive feature of this region is also energy efficiency and a lower environmental impact, resulting in advantageous energy consumption. With Azure, Italian companies have the opportunity to embark on a path of digital innovation, availing themselves of customized solutions, maximum security, and regulatory compliance.

Microsoft Cloud for Sovereignty: the solution to meet sovereignty requirements in the cloud and hybrid environments

Microsoft has recently announced the availability of Microsoft Cloud for Sovereignty across all Azure regions. This solution offers reliable options for the public sector, designed to support the migration, development, and transformation of workloads in Microsoft’s cloud while complying with regulatory, security, and control requirements. In this article, we delve into the distinctive features of Microsoft Cloud for Sovereignty, exploring how it can ensure rapid digital transformation for government entities in compliance with regulations.

Sovereignty in the Hyperscale Cloud

Governments worldwide must meet a wide range of national and regional compliance requirements for applications and workloads, including governance, security controls, privacy, and in some cases, data residency and sovereign protections. Until now, most solutions to meet these regulatory requirements relied on private clouds and on-premises environments, slowing the adoption of scalable, secure, and resilient cloud solutions.

What is Data Sovereignty and Microsoft’s Stance on ‘Sovereignty’?

Data sovereignty is the concept that data is under the customer’s control and regulated by local laws. While data residency ensures data remains in a specific geographic location, data sovereignty ensures adherence to the regulations of the country where the public sector customer is located. Each jurisdiction has its own requirements, vision, and unique needs when it comes to addressing sovereignty. In this regard, while Microsoft believes many of these needs are met through standard cloud solutions, it has introduced Microsoft Cloud for Sovereignty, providing an additional layer of capabilities to meet the individual needs of public sector and government clients. It is then up to partners and clients to determine what is appropriate for their specific needs. For the most sensitive workloads that cannot be hosted in the public cloud, Microsoft offers hybrid options, such as Azure Stack HCI, allowing customers to keep data in their own on-premises environments.

The following paragraphs outline the most common requests for achieving data sovereignty in the cloud.

Residency, Security, and Compliance in the Hyperscale Cloud

Microsoft Cloud for Sovereignty is rooted in over 60 global Azure cloud regions, ensuring unmatched security and a wide range of regulatory compliance. This positions Microsoft as the cloud provider with the most regions worldwide, and this infrastructure allows customers to implement specific policies to ensure their data and applications remain within their preferred geographic boundary, fully respecting national or regional data residency requirements.

Controls for Data Access

Microsoft Cloud for Sovereignty provides controls to ensure sovereignty, protection, and encryption of sensitive data and to control access, enabled by:

  • Sovereign Landing Zone: A specific Azure landing zone designed for entities requiring privacy, security, and sovereign controls in compliance with governmental regulations. These zones provide a repeatable and secure approach for cloud service development and deployment. Governments facing complex and multilevel regulatory contexts find in the Sovereign Landing Zones an effective solution for designing, implementing, and managing solutions, adhering to established policies. They allow for the implementation and configuration of Azure resources, ensuring alignment with the best practices of the Cloud Adoption Framework (CAF). These guides enable organizations to meet data sovereignty requirements. For more information on SLZ and their features, it is recommended to consult the documentation on GitHub.
  • Azure Confidential Computing: A technology developed by Microsoft aimed at enhancing the security of data while it is being processed in the cloud. Traditionally, data can be protected at rest (when stored) and in transit (during transmission), but it becomes vulnerable while in use, that is, while it is being processed on a server. Confidential Computing seeks to bridge this gap by protecting data while it is in use. This is achieved through a “Trusted Execution Environment” (TEE), which is essentially a secure area of the processor. TEEs isolate executing code and its data from other processes, including those of the operating system, so that only authorized code can access the data. This means that even if an attacker manages to penetrate the operating system or network, they would not be able to access the protected data within the TEE. Azure Confidential Computing is particularly useful for use cases requiring a high level of data security, such as financial transactions, healthcare information management, or handling sensitive data for businesses or governments.

The Complexity of Addressing Regulations that Vary from Country to Country

Digital sovereignty is a complex issue, varying significantly from one nation to another. To address this challenge, Microsoft has adopted a collaborative and customized approach with its Microsoft Cloud for Sovereignty. By working closely with local partners in different countries, Microsoft is able to tailor its cloud solutions to the specific needs of each client, maximizing efficiency and ensuring secure implementations.

In this context, Microsoft offers its clients the ability to adopt specific policies related to sovereignty through Azure, simplifying the process of complying with national and regional regulations. These policy initiatives (sets of policies) help clients establish cloud security parameters, facilitating compliance with regulations.

A concrete example is the adoption of the Azure Cloud Security Benchmark. Clients can start here, then add the new Sovereignty Policy Baseline to strengthen digital sovereignty practices. Additionally, they can integrate specific layers for their regions, such as the guidelines for cloud migration from the Italian National Agency for Cybersecurity of Public Administration (ACN) for clients in Italy.

Furthermore, the new Cloud Security Alliance Cloud Controls Matrix (CSA CCM v4) policy initiative offers a global benchmark that informs and guides many regional standards, further consolidating Microsoft’s commitment to secure, compliant, and sovereign cloud solutions.

How Does Microsoft Ensure Data Remains in a Specific Country and Support the Sovereignty Needs of Governments Without Azure Regions in Their Territory?

Microsoft provides detailed information about data residency in the Microsoft Cloud through its documentation and the Microsoft Trust Portal. Additional measures to maximize data residency have been announced as part of the EU Data Boundary. Governments worldwide have different preferences regarding sovereignty and data residency. For some clients, data residency in their own country is not a prerequisite for sovereignty. Moreover, the sovereignty controls that Microsoft provides can be used anywhere, even in the absence of a region in their own country.

Microsoft Cloud for Sovereignty for Italian Clients

A significant step towards digital sovereignty in Italy is represented by the introduction of the new Azure Italy North region. This region opens new possibilities for public and private clients, offering them access to Sovereign Landing Zones. Additionally, Azure Italy North stands out for adopting cutting-edge technologies like Azure Confidential Computing. With the addition of Azure Italy North, Microsoft demonstrates its commitment to supporting the specific needs of Italian clients, providing advanced technological solutions that meet the challenges of digital sovereignty and data security.

Capabilities of Microsoft Cloud for Sovereignty

The capabilities of Microsoft Cloud for Sovereignty extend across several levels:

Figure 1 – The Various Layers that Compose Microsoft Cloud for Sovereignty

New Capabilities for Sovereignty

The following new solutions highlight Microsoft’s ongoing investment in improving sovereignty in the hyperscale cloud:

  • Drift Analysis Capability: Continuous administration and maintenance can potentially introduce changes that are not compliant with established policies, causing the deployment to deviate from compliance over time. The new drift analysis tool inspects the deployment and generates a list of non-compliant settings, along with a severity assessment, facilitating the identification of discrepancies to be remedied and the verification of compliance in specific environments.
  • Transparency Logs: Provides eligible customers with visibility into instances where Microsoft engineers have accessed customer resources through Just-In-Time (JIT) access, most commonly in response to a customer support request.
  • New Configuration Tools in the Azure Portal: Allow customers to create a new custom Sovereign Landing Zone in two simple steps using a guided experience.
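The drift check described in the list above can be pictured as a comparison between a policy baseline and the deployed resources. The following is an added example, not Microsoft's tool and not code from the original article: the rule IDs, the baseline values, and the resource inventory are constructed for illustration, with setting paths that follow ARM resource property names.

```python
"""Drift analysis sketch: deployed resources vs. a policy baseline (constructed data)."""
from dataclasses import dataclass
from typing import Any

_MISSING = object()
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Rule:
    rule_id: str
    resource_type: str  # "*" applies the rule to every resource type
    setting: str        # dotted path into the resource document
    allowed: tuple      # values that comply with the baseline
    severity: str


@dataclass(frozen=True)
class Finding:
    resource: str
    rule_id: str
    setting: str
    actual: Any
    severity: str


def lookup(doc: dict, dotted_path: str) -> Any:
    """Walk a dotted path; return _MISSING if any segment is absent."""
    node: Any = doc
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def normalize(value: Any) -> Any:
    """Compare strings ignoring case and spaces ("Italy North" == "italynorth")."""
    return value.replace(" ", "").lower() if isinstance(value, str) else value


def analyze_drift(baseline: list, inventory: list) -> list:
    """Return the non-compliant settings, most severe first."""
    findings = []
    for res in inventory:
        for rule in baseline:
            if rule.resource_type not in ("*", res["type"]):
                continue
            actual = lookup(res, rule.setting)
            if actual is _MISSING:
                # An absent setting is drift too: the control was never applied.
                actual = "<not set>"
            elif any(normalize(actual) == normalize(v) for v in rule.allowed):
                continue
            findings.append(
                Finding(res["name"], rule.rule_id, rule.setting, actual, rule.severity))
    findings.sort(key=lambda f: (SEVERITY_RANK[f.severity], f.resource, f.rule_id))
    return findings


STORAGE = "Microsoft.Storage/storageAccounts"
VM = "Microsoft.Compute/virtualMachines"

# Hypothetical baseline: residency, confidential VMs, customer-managed keys,
# no public network access, and a mandatory classification tag.
BASELINE = [
    Rule("RES-01", "*", "location", ("italynorth",), "high"),
    Rule("CC-01", VM, "properties.securityProfile.securityType", ("ConfidentialVM",), "high"),
    Rule("ENC-01", STORAGE, "properties.encryption.keySource", ("Microsoft.Keyvault",), "medium"),
    Rule("NET-01", STORAGE, "properties.publicNetworkAccess", ("Disabled",), "medium"),
    Rule("TAG-01", "*", "tags.dataClassification", ("public", "restricted", "secret"), "low"),
]

# Constructed inventory, shaped like exported resource documents.
INVENTORY = [
    {"name": "stsovdata01", "type": STORAGE, "location": "italynorth",
     "tags": {"dataClassification": "restricted"},
     "properties": {"encryption": {"keySource": "Microsoft.Keyvault"},
                    "publicNetworkAccess": "Disabled"}},
    {"name": "stlogs02", "type": STORAGE, "location": "West Europe", "tags": {},
     "properties": {"encryption": {"keySource": "Microsoft.Storage"},
                    "publicNetworkAccess": "Enabled"}},
    {"name": "vm-app-01", "type": VM, "location": "Italy North",
     "tags": {"dataClassification": "secret"},
     "properties": {"securityProfile": {"securityType": "TrustedLaunch"}}},
    {"name": "vm-batch-02", "type": VM, "location": "italynorth",
     "tags": {"dataClassification": "restricted"}, "properties": {}},
]

if __name__ == "__main__":
    for f in analyze_drift(BASELINE, INVENTORY):
        print(f"[{f.severity:<6}] {f.resource:<12} {f.rule_id}  {f.setting} = {f.actual!r}")
```

Treating a missing setting as a finding matters in practice: a resource created outside the landing zone templates often lacks the property entirely rather than carrying a wrong value.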

Conclusions

In conclusion, Microsoft Cloud for Sovereignty represents a significant turning point in data management and digital sovereignty in the cloud and hybrid environments. With its ability to meet complex compliance requirements and ensure data security, this solution stands as a fundamental pillar for the public and governmental sector. The availability across all Azure regions, coupled with innovative Azure Confidential Computing and Sovereign Landing Zones, offers customers unprecedented flexibility to keep data within national or regional boundaries, respecting local regulations. Microsoft’s personalized and collaborative approach in responding to the specific needs of each country demonstrates a clear commitment to digital sovereignty, offering secure, scalable, and reliable solutions. Particularly for Italian clients, the opening of the Azure Italy North region is a significant step forward, highlighting Microsoft’s investment in supporting local needs and strengthening data security. Overall, Microsoft Cloud for Sovereignty emerges as an important innovation in the cloud computing landscape, advancing the mission of a safer, compliant, and sovereign digital future.

Microsoft Copilot for Azure: how Artificial Intelligence is transforming Azure infrastructure design and management

In an era marked by relentless technological evolution, artificial intelligence (AI) is emerging as a revolutionary force in the cloud computing landscape. At the heart of this transformation is Microsoft, which has recently unveiled Microsoft Copilot for Azure. This innovative solution marks the beginning of a new era in the design, management, and optimization of Azure infrastructure and services. This article provides an overview of Microsoft Copilot for Azure, a true ally for businesses, designed to fully exploit the potential of the cloud through advanced features and AI-guided intuitiveness.

Premise: Copilot’s experience in Microsoft’s Cloud

Microsoft Copilot is a cutting-edge solution in the field of AI-based assistants. It stands out for its use of large language models (LLMs) and its seamless integration with Microsoft’s Cloud. This tool aims to enhance productivity by facilitating access to critical data and ensuring high standards in security and privacy. Its core is an intuitive conversational interface that simplifies interaction with data and automation, making application creation simpler and more intuitive.

Copilot adapts to different needs: from basic usage that requires minimal effort and customization, to highly customized solutions that require substantial investment in development and data integration.

Figure 1 – Copilot’s Experience in Microsoft’s Cloud

The main ways to take advantage of Microsoft Copilot are:

  • Adopting Copilot: Microsoft offers various Copilot assistants to increase productivity and creativity. Integrated into various Microsoft products and platforms, Copilot transforms the digital workspace into a more interactive and efficient environment. Among these, Copilot for Azure stands out, which will be examined in detail in this article.
  • Extending Copilot: Developers have the opportunity to incorporate external data, simplifying user operations and reducing the need to change contexts. This not only improves productivity but also fosters greater collaboration. Through Copilot, it’s easy to integrate this data into the Microsoft products used daily. For example, both companies and ISVs can develop plugins that bring their own APIs and business data directly into Copilot. By adding these plugins, connectors, or message extensions, users can maximize the use of the AI capabilities offered by Copilot.
  • Building your own Copilot: Beyond adoption and extension, it’s possible to create a customized Copilot for a unique conversational experience, using Azure OpenAI, Cognitive Search, Microsoft Copilot Studio, and other Microsoft Cloud technologies. A customized Copilot can integrate business data, access external data in real-time via APIs, and integrate into business applications.

Microsoft Copilot for Azure: the assistant revolutionizing the design, management, and optimization of Azure infrastructure and services via AI

Microsoft Copilot for Azure is an innovative AI-based tool designed to maximize the potential of Azure. Using LLMs (Large Language Models), Azure’s control plane, and detailed analysis of the Azure environment, Copilot makes work more effective and productive.

This assistant helps users navigate Azure’s numerous offerings, which include hundreds of services and thousands of resource types. It combines data and insights to increase productivity, minimize costs, and provide specific insights. Its ability to interpret natural language greatly simplifies managing Azure, responding to questions and providing personalized information about the user’s Azure environment.

Available directly through the Azure portal, Microsoft Copilot for Azure facilitates user interaction, responding to questions, generating queries, and performing tasks. Moreover, Copilot for Azure provides personalized, high-quality recommendations, respecting the organization’s policies and privacy.

The following paragraphs describe the main tasks for which Microsoft Copilot for Azure can be used.

Performing tasks with improved efficiency

Copilot for Azure is designed to manage a wide range of basic operations that constitute the daily routine in managing Azure environments. These operations, essential for the maintenance and efficiency of architectures in Azure, can often be repetitive and time-consuming. However, with Copilot, it’s possible to manage these basic operations, saving valuable time and reducing the likelihood of human errors.

Interpreting and assessing the Azure environment:

  • Obtain information about resources through Azure Resource Graph queries.
  • Understand events and the health status of services.
  • Analyze, estimate, and optimize costs.

Working smarter with Azure services:

  • Deploy virtual machines effectively.
  • Build infrastructures and deploy workloads.
  • Obtain information about Azure Monitor metrics and logs.
  • Work more productively using Azure Stack HCI.
  • Secure and protect storage accounts.

Writing and optimizing code:

  • Generate Azure CLI scripts.
  • Discover performance recommendations.
  • Create API Management policies.
  • Generate YAML files for Kubernetes.
  • Resolve app issues more quickly with App Service.

Obtaining specific and detailed information and advice

Within the Azure portal, Copilot emerges as a useful tool for delving into a wide range of Azure concepts, services, or offerings. Its ability to provide answers is based on constantly updated documentation, ensuring users get up-to-date advice and valuable help in solving problems. This not only improves efficiency but also ensures that decisions are based on the most recent and relevant information.

Navigating the portal with greater ease

Navigating the Azure portal, often perceived as complex due to the vastness of services offered, is made simple and intuitive with Copilot’s assistance. Instead of manually searching among the numerous services, users can simply ask Copilot to guide them. Copilot not only responds by opening the requested service but also offers suggestions on service names and provides detailed explanations, making the navigation process smoother.

Simplified management of portal settings

Another notable aspect is Copilot’s ability to simplify the management of Azure portal settings. Users can now confirm or change settings directly through Copilot, without the need to access the control panel. For example, it’s possible to select and customize Azure themes directly through Copilot, making interaction with the portal not only more efficient but also more personalized.

Limitations as of December 2023

As of December 2023, Microsoft Copilot for Azure is in preview and has the following limitations:

  • Each user has a limit of ten questions per conversation and a maximum of five conversations per day.
  • Responses that include lists are limited to the first five items.
  • For some requests and queries, using the name of a resource may not be sufficient; it may be necessary to provide the Azure resource ID.
  • Available only in English.

Conclusions

Microsoft Copilot for Azure represents a revolutionary turn in cloud computing, leveraging artificial intelligence to significantly transform the management and optimization of Azure architectures. This tool elevates productivity and security, simplifying daily operations, providing detailed analysis, and assisting users in managing the Azure environment. Although we are still at the dawn of this technology, Copilot for Azure represents a significant advancement. This tool not only provides an intuitive and efficient user experience but also lays the groundwork for a future where artificial intelligence and cloud computing will be increasingly interconnected and synergistic.

Azure Stack HCI: the continuously evolving Hyper-Converged solution – December 2023 Edition

In today’s rapidly evolving technological landscape, the need for flexible and scalable IT infrastructures has never been more pressing. Azure Stack HCI emerges as a response to this need, offering a hyper-converged (HCI) solution that enables the execution of workloads in on-premises environments while maintaining a strategic connection with various services offered by Azure. Azure Stack HCI is not just a hyper-converged solution, but is also a strategic component of the Azure services ecosystem, designed to integrate and amplify the capabilities of existing IT infrastructure.

As part of Azure’s hybrid offering, Azure Stack HCI is constantly evolving, adapting to the changing needs of the market and user expectations. The recent wave of innovations announced by Microsoft testifies to the company’s commitment not only to maintaining but also improving its position as a leader in the HCI solutions sector. These new features, which will be explored in detail in this article, promise to open new paths for the adoption of Azure Stack HCI, significantly improving the management of hybrid infrastructures and offering new opportunities to optimize the on-premises environment.

The lifecycle of updates and upgrades of Azure Stack HCI

A fundamental aspect of Azure Stack HCI is its predictable and manageable upgrade and update experience. Microsoft’s strategy for Azure Stack HCI updates is designed to ensure both security and continuous innovation of the solution. Here’s how it works:

  • Monthly quality and security updates: Microsoft regularly releases monthly updates focused on quality and security. These updates are essential to maintain the integrity and reliability of the Azure Stack HCI environment.
  • Annual feature updates: in addition to monthly updates, an annual feature update is released. These annual updates aim to improve and enrich the capabilities of Azure Stack HCI with new features and optimizations.
  • Timing for installing updates: to keep the Azure Stack HCI service in a supported state, users have up to six months to install updates. However, it is recommended to install updates as soon as they are released to ensure maximum efficiency and security of the system.
  • Support from Microsoft’s Hardware Partners: Microsoft’s hardware solution partners support Azure Stack HCI’s “Integrated Systems” and “Validated Nodes” with hardware support services, security updates, and assistance, for at least five years.

In addition to these established practices, during Microsoft Ignite 2023, a significant new development was announced: the public preview of Azure Stack HCI version 23H2. This latest version represents an important step in the evolution of Azure Stack HCI. The final version of this updated solution will be released in early 2024, slightly behind the planned release cycle. This delay is attributable to significant changes made to the solution, aimed at further improving the capabilities and performance of Azure Stack HCI. Initially, Azure Stack HCI version 23H2 will be available exclusively for new installations. Over the course of the year, it is expected that most users currently on Azure Stack HCI version 22H2 will have the opportunity to upgrade their clusters to the new version 23H2.

Figure 1 – Azure Stack HCI update release cycles

Activation and management of different workloads

Modern organizations often find themselves managing a wide range of applications: some based on containers, others on virtual machines (VMs), some running in the cloud, others in edge environments. Thanks to Azure Arc and an adaptive approach to the cloud, it’s possible to use common tools and implement uniform operational practices for all workloads, regardless of where they are executed. The 23H2 version of Azure Stack HCI provides all the necessary Azure Arc infrastructure, automatically configured as part of the cluster deployment, including the Arc Resource Bridge and other management agents and components. This means that, from the start, it’s possible to begin deploying Arc-enabled virtual machines, Azure Kubernetes Service clusters, and Azure Virtual Desktop session hosts.

Virtual Machines

The 23H2 version of Azure Stack HCI offers the ability to activate general-purpose VMs with flexible sizing and configuration options to meet the needs of different applications. Users can use their own custom Linux or Windows images or conveniently access those available in the Azure Marketplace. When creating a new virtual machine (VM) using the Azure portal, the Command Line Interface (CLI), or an ARM template, it is automatically equipped with the Connected Machine Agent. This includes the integration of extensions like Microsoft Defender, Azure Monitor, and Custom Script, thus ensuring uniform and integrated management of all machines, both in the cloud and at the edge.

Azure Kubernetes Service

The 23H2 version of Azure Stack HCI offers the Azure Kubernetes Service, a managed Kubernetes solution that operates in a local environment. The Azure Kubernetes Service is automatically configured as part of the Azure Stack HCI deployment and includes everything needed to start deploying container-based workloads. The Azure Kubernetes Service runs its control plane in the same Arc Resource Bridge as the general-purpose VMs and uses the same storage paths and logical networks. Each new Kubernetes cluster deployed via the Azure portal, CLI, or an ARM template is automatically configured with Azure Arc Kubernetes agents inside to enable extensions such as Microsoft Defender, Azure Monitor, and GitOps for application deployment and CI/CD.

Azure Virtual Desktop for Azure Stack HCI (Preview)

The 23H2 version of Azure Stack HCI has been optimized to support the deployment of virtualized desktops and applications. Azure Virtual Desktop, a Microsoft-managed desktop virtualization service with centralized control in the cloud, offers the experience and compatibility of Windows 11 and Windows 10. This service is distinguished by its multi-session capability, which increases efficiency and reduces costs. With Azure Virtual Desktop integrated into Azure Stack HCI, it is possible to position desktops and apps (session hosts) closer to end-users to reduce latency, and there is also the option for GPU acceleration. The 23H2 version introduces an updated public preview that offers provisioning of host pools directly from the Azure portal, simpler guest operating system activation, and updated Marketplace images with pre-installed Microsoft 365 apps. Microsoft will soon share more information on timings and pricing for general availability.

Advanced security

The increase in applications and infrastructures in edge environments requires organizations to adopt advanced security measures to keep pace with increasingly sophisticated threats from attackers. The 23H2 version of Azure Stack HCI facilitates this process with advanced security settings enabled by default, such as native integration with Microsoft Defender for Cloud and the option to protect virtual machines with Trusted Launch.

Integrated and Default-Enabled Security

The new 23H2 version of Azure Stack HCI presents a significantly strengthened security posture. Leveraging the foundations of Secured Core Server, over 300 settings in the hypervisor, storage system, and network stack are pre-configured following Microsoft’s recommendations. This covers 100% of the applicable settings in the Azure security baseline, doubling the security measures compared to the previous version 22H2. Any deviations from the settings are detected and automatically corrected to maintain the desired security posture over time. For enhanced protection against malware and ransomware, application control is activated by default, using a base policy provided by Microsoft.

Integration with Microsoft Defender for Cloud

In Microsoft Defender for Cloud, in addition to workload protection for Kubernetes clusters and VMs, new integrated security recommendations provide coverage for the Azure Stack HCI infrastructure as part of the Cloud Security Posture Management plan. For example, if the hardware is not set up for Secure Boot, if clustered storage volumes are not encrypted, or if application control is not activated, these issues will be highlighted in the Microsoft Defender for Cloud portal. Furthermore, it is possible to easily view the security status of host clusters, nodes, and workloads in a unified view. This greatly improves the ability to control and correct the security posture efficiently on a large scale, making it suitable for environments ranging from a limited number to hundreds of locations.

Trusted launch for Azure Arc-Enabled Virtual Machines

Trusted launch is a security feature designed to protect virtual machines (VMs) from direct attacks on firmware and bootloaders. Initially available only in Azure’s cloud, it has now been extended to the edge with Azure Stack HCI version 23H2. When creating an Azure Arc-enabled VM, this security option can be selected using the Azure portal, the Command Line Interface (CLI), or an ARM template. Trusted launch provides VMs with a virtual Trusted Platform Module (TPM), useful for the secure storage of keys, certificates, and secrets. Additionally, Secure Boot is enabled by default. VMs using Trusted launch also support automatic failover and live migration, transparently maintaining the state of the vTPM when moving the VM between cluster nodes. This implementation represents a significant step towards introducing confidential computing into edge computing.

Innovations in edge management

Sectors like retail, manufacturing, and healthcare often face the challenge of managing physical operations across multiple locations. In fact, integrating new technologies in places such as stores, factories, or clinics can become a complex and costly process. In this context, an edge infrastructure that can be rapidly deployed and centrally managed becomes a decisive competitive advantage. Tools enhanced with artificial intelligence, capable of scaling to thousands of resources, offer unprecedented operational efficiency.

With the 23H2 version of Azure Stack HCI, fundamental lifecycle operations such as deployment, patching, configuration, and monitoring are entirely managed from the cloud. This significantly reduces the need for on-site tools and personnel, making it easier to manage edge infrastructures.

Cloud-based Deployment

The 23H2 version of Azure Stack HCI simplifies large-scale deployment. At edge sites, once new machines arrive with the operating system pre-installed, local staff can simply connect them and establish the initial connection with Azure Arc. From that point on, the entire infrastructure, including clusters, storage, and network configuration, is deployed from the cloud. This minimizes the time and effort required on-site. Using the Azure portal, it’s possible to create an Azure Stack HCI cluster or scale it with a reusable Azure Resource Manager (ARM) template, with unique parameters for each location. This infrastructure-as-code approach ensures consistent configuration of Azure Stack HCI on a large scale.

Cloud-based update management

Keeping the system up to date is now simpler. The 23H2 version introduces the new Lifecycle Manager, which organizes all applicable updates into a single monthly package, covering the operating system, agents, services, and even drivers and firmware for participating hardware solutions. Lifecycle Manager ensures that the cluster always runs a combination of software validated by Microsoft and its partners, reducing the risk of problems or incompatibility. Update management for Azure Stack HCI clusters is integrated with Azure Update Manager, providing a unified tool for all machines across the cloud and edge.

Cloud-based monitoring

Azure Monitor provides an integrated and comprehensive view for applications and infrastructure, covering both cloud and on-premises environments. This now includes logs, metrics, and alert coverage for Azure Stack HCI version 23H2. Over 60 standard metrics are available, including CPU and memory usage, storage performance, network bandwidth, and more. Azure Stack HCI health issues, such as a failed disk or a misconfigured network port, are reported as new platform alerts, customizable to trigger notifications or actions. Additionally, Azure Monitor Insights, powered by Data Collection Rules and Workbooks, provides pre-configured views to help administrators monitor specific features, such as storage deduplication and compression.

Useful references

For all the details regarding the 23H2 version of Azure Stack HCI, you can consult the official Microsoft documentation.

Conclusions

Azure Stack HCI represents a milestone in the landscape of IT infrastructures, offering a robust, scalable, and secure solution for organizations navigating today’s complex technological ecosystem. With its approach, Azure Stack HCI effectively adapts to the needs of hybrid infrastructures, enabling seamless integration between on-premises environments and the Azure cloud. Its advanced features, such as optimized workload management, cutting-edge security, and ease of edge system management, not only meet current challenges but also open new possibilities for future innovation. The constant updating of its capabilities, highlighted by the 23H2 version, demonstrates Microsoft’s commitment to keeping pace with the evolving market needs and user expectations. Azure Stack HCI is not just a solution for current needs but a strategic investment to bring cloud innovation into one’s on-premises environment.