© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2022
P. Udayakumar, Design and Deploy Azure VMware Solution, https://doi.org/10.1007/978-1-4842-8312-7_1

1. Getting Started with AVS

Puthiyavan Udayakumar, Abu Dhabi, United Arab Emirates

Azure VMware Solution simplifies the process of harnessing the enormous potential of the cloud for an organization. You can migrate VMware workloads to the Azure Cloud using the tools, technologies, and skills that cloud consumers already use in their on-premises environments.

Azure VMware Solution is designed and deployed on VMware Cloud Foundation. Its software-defined compute, storage, networking, and management provide an end-to-end Infrastructure as a Service (IaaS) solution. Integrated into Microsoft Azure, it provides a hosted platform for the VMware Software-Defined Datacenter, supported end to end by Microsoft. VMware skills and tools can be leveraged within the global Microsoft Azure infrastructure, and with Azure VMware Solution, VMware workloads can be seamlessly migrated to Azure from on-premises environments without rearchitecting applications or retooling operations.

This chapter provides the fundamentals on getting started with AVS, key terminologies, and the foundation needed for Azure VMware Solution. By the end of this chapter, you should be able to understand the following:
  • Fundamentals of cloud computing and Microsoft Azure

  • The foundation of Azure VMware Solution

  • Key Microsoft AVS terminologies

  • The inner engineering of AVS

Fundamentals of Cloud Computing and Microsoft Azure

In this section, you’ll learn what cloud computing is. Cloud computing delivers IT resources and applications via the Internet with pay-per-use pricing on a pay-as-you-go basis. Whether cloud consumers need to share photos with millions of mobile users or provide services that help enterprises run effectively and efficiently, the cloud offers rapid access to flexible and low-cost IT resources.

Cloud computing delivers computing functions like compute, network, storage, databases, software, analytics, artificial intelligence, and other IT functions to businesses and consumers through a secured network, thus achieving economies of scale.

The concept of cloud computing has evolved enormously from a confusing and highly insecure concept to one that IT consumers widely embrace. Many cloud consumers, regardless of size, adopt cloud computing to provide services and as a crucial part of achieving their IT strategy.

Providers such as Microsoft Azure, Amazon Web Services, Google Cloud, and others own and operate the network-connected hardware required for cloud services and allow consumers to utilize those services as needed. An illustration of cloud computing’s key characteristics is shown in Figure 1-1.

An image of the characteristics of cloud computing has 6 boxes labeled Self Service, Flexibility, Pooled resource, Measured Service, Rapid elasticity, and Broad Network Access.

Figure 1-1

Characteristics of cloud computing

Consumers of cloud computing don’t have to make significant up-front investments in hardware or spend a great deal of time managing it. Instead, cloud consumers can select the exact type and size of computing resources they need, whether to run their IT department or to power their newest bright idea. Using cloud computing, cloud consumers can access as many resources as they need almost instantly.

In simple terms, cloud computing allows you to access servers, storage, databases, and a wide range of application services over the Internet. Cloud computing service providers such as Azure own and maintain the network-connected hardware necessary for these application services while provisioning the computing resources required by cloud consumers.

Cloud computing introduces a paradigm shift in how businesses obtain, use, and manage their technology and how they budget and pay for technology services. Adapting the computing environment quickly to changing business requirements enables organizations to optimize spending. As usage patterns fluctuate, capacity can be automatically scaled up or down, and services can be temporarily taken down or shut down permanently as needed. In addition, Azure Cloud services become operational rather than capital expenses with pay-per-use billing.

Top Six Benefits of Cloud Computing

Both small and large organizations use cloud computing technology to store information in the cloud and access it from anywhere using an Internet connection.

The reasons for moving to the cloud vary by organization, but six advantages are illustrated in Figure 1-2.

An illustration depicts the six advantages of cloud computing. They are Economies of Scale, Opex versus Capex, Stop Guessing Capacity, Pay Attention on Business Differentiators, Reliability and Security, and Global Search.

Figure 1-2

Benefits of cloud computing

The first benefit is economies of scale: cloud computing is available both globally and locally to meet security, regulation, and compliance requirements.

Enterprises can achieve lower variable costs than private cloud consumers can. Azure, for example, achieves economies of scale by aggregating usage from hundreds of thousands of customers, which translates into lower prices.

The second benefit is OpEx vs. CapEx: cloud computing eliminates the need for capital expenditures such as hardware and software running in on-premises datacenters, power and cooling, and staffing such as subject matter experts managing complex components 24/7.

Cloud service providers run on a consumption-based model, meaning no upfront cost (no CapEx), only OpEx. Thus, cloud service providers offer the ability to pay for additional resources only when needed and to stop paying when they are no longer needed.

The third benefit is no longer having to forecast capacity: cloud computing runs in dedicated datacenters connected by a worldwide network. The systems are highly secured and are frequently patched and upgraded to the latest and greatest computing systems. Cloud computing offers excellent benefits compared with traditional on-premises datacenters.

Organizations often end up with expensive idle resources or limited capacity requiring a capacity allocation or procurement decision before deploying applications. Cloud computing allows organizations to stop guessing about their infrastructure requirements for meeting their business needs. With a few minutes’ notice, cloud consumers can scale up or down as necessary.

The fourth benefit is focusing attention on business differentiators. Instead of spending time racking, stacking, and powering servers, organizations can focus on their business priorities with cloud computing. This paradigm shift can free organizations from spending time and resources on maintaining and running datacenters. By using cloud computing, businesses can concentrate on projects that differentiate their specific business, such as analyzing petabytes of data, delivering video content, creating mobile applications, or exploring Mars.

The fifth benefit is reliability and security. Cloud computing makes data backup, business continuity, and disaster recovery significantly less expensive. Cloud computing has site-level redundancy. Application and data are replicated and mirrored across the redundant sites or availability zones simply via the subscription.

Modern-day cloud service providers offer security components, controls, policies, and support for compliance needs and regulatory standards which, when utilized correctly, substantially improve the security posture end to end. As a result, the application infrastructure and its data can be highly secure, and potential vulnerabilities and threats can be managed.

The sixth benefit is global reach. Cloud computing also provides the advantage of going global in minutes. Organizations can deploy their applications globally in just a few clicks. Organizations can use this technology to provide redundancy across the globe and provide lower latency and better experiences to their customers at a minimal cost. Cloud computing makes it possible for any organization to go global, which was previously only available to the most prominent corporations.

Three Delivery Models of Cloud Computing

Organizations can encounter abnormal load on their IT infrastructure as they try to meet growing client expectations for speedy, secure, and stable services. As they strive to develop their IT systems’ compute and storage capabilities, these organizations often find that building and managing a robust, scalable, and secure IT foundation is prohibitively expensive.

Cloud computing equips DevOps, DevSecOps, and SRE engineers with the ability to focus on what matters most and to offload undifferentiated work such as procurement, support, and retention planning. As cloud computing has increased in prevalence, numerous distinct service models and deployment strategies have emerged to fit the specific needs of different users. Each cloud service and deployment model provides consumers with different levels of control, flexibility, and management.

Cloud-native and hybrid cloud deployment models are the two available cloud computing deployment models that enterprises focus on. Understanding how each strategy applies to architectural decisions and options is crucial. Figure 1-3 depicts the delivery model of cloud computing.

An illustration of two cloud computing deployment types: 1, cloud native, with IaaS, PaaS, and SaaS; 2, hybrid cloud, with private and public.

Figure 1-3

Cloud computing deployment types

Cloud native refers to when all application components are running on the cloud and the cloud-based application is fully deployed in the cloud. Applications in the cloud have either been developed using cloud technology or migrated from conventional infrastructure to take advantage of the cloud’s benefits. In cloud-based applications, low-level infrastructure pieces or higher-level services can be used, abstracting away the management, scalability, and architecture requirements of core infrastructure.

Hybrid cloud refers to workloads that run on on-premises or co-located infrastructure while also having infrastructure hosted in the cloud. A hybrid cloud environment enables cloud consumers to maximize the agility and flexibility of a public cloud environment while taking advantage of their existing investments.

Imagine using the same tools cloud consumers have used for years to manage all these resources. Cloud consumers can extend the VMware infrastructure on-premises to the Azure Cloud, thereby creating a hybrid cloud. The hybrid cloud enables quick and secure expansion of resources, consolidation of datacenters, building disaster recovery environments, and moving traditional workloads close to cloud-native toolsets to facilitate modernizing applications. The cloud-native delivery model is defined by the specific elements of IT resources offered by a cloud provider. Cloud computing has three distinct delivery models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), depicted in Figure 1-4.

A block diagram depicts three cloud computing deployment models: 1, IaaS; 2, PaaS; 3, SaaS.

Figure 1-4

Cloud computing deployment models

Infrastructure as a Service is about delivering compute, network, storage, and backup as a service that can be consumed on a yearly, monthly, or hourly basis. Resource units and their prices are provided via a catalogue.

Platform as a Service is IaaS with an integrated set of middleware functions. Its software development and deployment tools give you a consistent way to create, modify, update, and deploy an application in the cloud environment.

Software as a Service is when the application is hosted on top of PaaS or IaaS, either dedicated or shared. In this deployment model, cloud consumers only pay per the app’s consumption. The cloud service provider fully manages the underlying infrastructure and platform.

Now let’s explore the Azure Cloud.

Microsoft Azure Overview

Azure is Microsoft’s hyperscaler cloud offering. Azure offers 200 or more IT services online and enables businesses to accomplish almost all their needs in modern digital environments. The services are sets of integrated tools, prebuilt templates, and managed services to make building and operating enterprise, mobile, web, and IoT apps easier. Many of the products in Azure leverage the tooling skills cloud consumers already have and the technology they already understand.

Azure supports the broadest range of Microsoft operating systems, programming languages, frameworks, tools, databases, and devices. With Docker integration, cloud consumers can run Linux containers; build apps with JavaScript, Python, .NET, PHP, Java, and Node.js; and create back ends for any device. Millions of users trust the Azure service.

Azure has features such as networking with secure private connections, hybrid databases, storage solutions, and data residency and encryption to integrate with existing IT environments. With Azure Stack, cloud consumers can bring the Azure model of app development and deployment into their datacenters.

Microsoft provides industry-leading protection and privacy to cloud consumers. The EU’s data protection authorities have recognized Azure for its commitment to strict EU privacy laws. At the time of writing this book, Microsoft is also the first global cloud provider to adopt the new ISO 27018 international privacy standard.

Cloud consumers only pay for what they use with Azure’s pay-as-you-go services. At the time of writing this book, Microsoft manages Azure’s worldwide network of datacenters in 26 regions (more than Amazon Web Services and Google Cloud combined). With this fast-growing global footprint, cloud consumers can run apps and expect excellent performance. Moreover, Azure is the country’s first multinational cloud service.

Azure’s predictive analytics services redefine business intelligence, including machine learning, Cortana Analytics, and stream analytics. By analyzing cloud consumers’ structured, unstructured, and streaming IoT data, these analytics can improve customer service and uncover new business opportunities.

No workload is too big or too small for Azure. At the time of writing this book, Azure is used by more than 66% of Fortune 500 companies because it offers enterprise-grade service level agreements, 24/7 tech support, and round-the-clock service monitoring.

Generally, large businesses integrate Azure into their existing environment by migrating from a lower one. Cloud computing is not just about moving workloads to the cloud. With constant improvements and new features, it is much more.

Cloud consumers access Azure services via a web-based unified console that replaces command-line tools. The Azure portal can be used by businesses to manage Azure tenant subscriptions, and IT can deploy, manage, and monitor all subscribed IT services. Customized IT dashboards can be created in the Azure portal so that cloud consumers can see structured views of IT services they consume. Azure portal users can also customize accessibility options for a better experience.

The first key concept to start with is to broadly understand the foundation of Azure Cloud. Azure Cloud mainly offers cloud high availability, scalability, reliability, elasticity, agility, geo-distribution, resiliency, security, and Edge to provide the end users maximum uptime. Figure 1-5 depicts the Azure foundation.

A flow diagram of the Microsoft Azure foundation, flowing from High Availability, Scalability, Reliability, Elasticity, Agility, Geo-distribution, Resiliency, and Security to Edge.

Figure 1-5

Microsoft Azure’s foundation

The second concept to understand in the Azure global infrastructure is that it is developed with two key elements. The first is the physical infrastructure, and the second is the connective network components. The physical infrastructure comprises 200+ physical datacenters organized into regions and connected by one of the most extensive interconnected networks.

The Azure global infrastructure is classified into the following: Azure regions, Azure geography, Azure availability zones, and availability sets. Figure 1-6 depicts the Azure logical building blocks.

A block diagram of Azure geographies built on Azure region pairs. The region pairs are comprised of availability zones made of availability sets.

Figure 1-6

Microsoft Azure global infrastructure logical view

Azure Region

Azure regions are a collection of physical datacenters installed within a security and latency-defined network perimeter and connected via a dedicated, low-latency network.

Dedicated regional low-latency networks connect each region’s datacenters within a latency-defined perimeter. Azure’s design ensures optimal performance and security for all regions.

With Microsoft Azure, cloud consumers have the freedom to install and configure applications on demand. The Azure region is equipped with a variety of IT services and pricing.

Azure calls a pair of regions a logical boundary; each region pair contains two geographically defined regions.

Azure regions are defined by a specific geographical boundary, typically hundreds of miles apart. Figure 1-7 depicts the Azure region.

A world map of Microsoft Azure geography marks availability regions, announced regions, and availability zones.

Figure 1-7

Microsoft Azure geography

There are more Azure regions globally than any other cloud provider. Because of the global presence, Azure architects can bring cloud consumer applications close by putting them in these regions no matter where cloud consumer end users are located. The global regions provide better scalability and redundancy, and cloud consumers can also maintain data residency.

Azure Geography

Azure geography is composed of regions that meet various compliance and data residency requirements. As much as possible, Azure geography enables cloud consumers to keep their apps and data close to their business.

By utilizing the dedicated high-capacity networking elements of Azure, Azure geography is fault-tolerant to withstand region failures. There are at least two regions separated by a considerable physical distance in each geography, which is vital to Azure Cloud. This pattern allows Azure to achieve disaster recovery within the geography.

Microsoft encourages customers to replicate their data across multiple Azure regions. Microsoft promises network performance between regions of 2 milliseconds or less.

Azure Availability Zones

Microsoft Azure developed a cloud pattern named availability zones to achieve maximum availability for IT services that demand maximum uptime. Each zone is a unique physical location within a region. The datacenters in each zone are equipped with independent power, cooling, and networking. Microsoft Azure mandates a minimum of three availability zones within each region where they are enabled.

In Azure, availability zones are physically separate locations within a region that can withstand local failures. There can be a variety of failures, including software and hardware failures, earthquakes, floods, and fires. Due to Azure’s redundancy and logical isolation, it has a high degree of fault tolerance. Each availability zone-enabled region has a minimum of three availability zones for resiliency.

Availability zones apply only to the services that support them, not to all services offered by Azure.

By deploying IT services to two or more availability zones, the business achieves maximum availability. Microsoft Azure offers a service-level agreement of 99.99% uptime for virtual machines, provided two or more VMs are deployed into two or more zones.

For the first-time learner, it isn’t easy to differentiate between availability zones and availability sets. Availability sets allow an IT service to place two or more virtual machines in different physical server racks within an Azure datacenter. Microsoft Azure offers a service level agreement of 99.95% with an availability set, whereas it provides a service level agreement of 99.99% with availability zones. Figure 1-8 depicts the Azure availability zones.

A diagram of the Azure availability zone. It depicts the linkage between availability zones 1, 2, and 3, and the connection of zones 1 and 2 with diverse fiber paths connecting the AZs.

Figure 1-8

Azure availability zone

Microsoft Azure classifies availability zone support into three types: zonal services, zone-redundant services, and non-regional services.

Microsoft Azure zonal services are IT services such as virtual machines (VMs), managed disks used in VMs, and public IP addresses used in VMs. To achieve the HA design pattern, the IT function must explicitly deploy zonal services into two or more zones.

Microsoft Azure zone-redundant services are services such as zone-redundant storage and SQL databases. To use the availability zones with ZRS and SQL DB services, you must specify the option to make them zone-redundant during deployment.

Microsoft Azure Non-Regional Services

Non-regional Azure services are always available from Azure geographies and are resilient to zone-wide and region-wide outages.

Azure services enabled by availability zones are designed to offer the right reliability and flexibility. There are two ways this can be configured. Depending on the configuration, they can be zone-redundant, with automatic replication across zones, or zonal, with instances pinned to specific zones. Clients can combine these patterns. Figure 1-9 depicts the zone-redundant setup.

A diagram of the Azure availability zone. It depicts the linkage between availability zones 1, 2, and 3. Availability zone 3 connects the disaster

Figure 1-9

Azure availability zone

Highly available zones and protection from large-scale phenomena and regional disasters are essential to some organizations. Azure regions are designed to protect against localized disasters by utilizing availability zones, and against regional or large geographic disasters by using disaster recovery in another region.

The third key concept is to understand FinTech management, a choice offered by Azure. By grouping your Azure subscriptions, you can take bulk actions on them. You can manage your subscriptions and resources efficiently by creating an Azure management group hierarchy tailored to your business needs. You can apply governance conditions to any Azure service, such as policies, access controls, or full-fledged blueprints using the full platform integration. You can manage resources better and get visibility into all your resources. Via a single dashboard, you can monitor costs and usage.

Microsoft Azure requires you to assign virtual machines to Azure resource groups when you create them. Even though this grouping structure may seem like just another form of administration, you can use it for better infrastructure governance and cost management. Figure 1-10 depicts the Azure infrastructure governance and cost management.

An image of the Azure infrastructure governance and cost management. It flows from management groups, subscriptions, resource groups, and Azure resources.

Figure 1-10

Azure infrastructure governance and cost management

Let’s walk through each level of organization from the bottom up after looking at the top-down hierarchy:
  • A resource is an instance of a service that cloud consumers create, such as a virtual machine, storage, or SQL database.

  • Resource groups act as logical containers that Azure uses to deploy and manage resources, such as web apps, databases, and storage accounts.

  • An account subscription is a grouping of user accounts and the resources they create. A certain number of resources can be created and used per subscription. Organizations can use subscriptions to manage costs and the resources that users, teams, and projects create.

  • You can manage access, policies, and compliance across multiple subscriptions with management groups. All subscriptions in a management group inherit the conditions applied to that management group.

Let’s get started with Azure management groups.

Azure Management Groups

Management groups are an efficient method to enforce policies and privilege control over Azure cloud resources. Similar to a resource group, a management group is a logical container for structuring Azure resources. However, management groups can hold Azure subscriptions or nested management groups. The Azure management group hierarchy supports up to six levels only, and a single management group or a single subscription cannot have multiple parents.

A few facts about management groups:
  • It is possible to support 10,000 management groups in one directory.

  • It is possible to have a depth of six levels in a management group tree. Subscription and root levels are excluded.

  • There can only be one parent for each management group and subscription.

  • There can be many children for each management group.

  • All subscriptions and management groups are grouped into a single hierarchy in each directory.
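To make the hierarchy rules above concrete, here is an added example (not code from the book or from Azure itself) that models a directory of management groups and subscriptions, enforces the single-parent, six-level and 10,000-group limits stated above, and resolves the governance conditions a subscription inherits from every group above it. The group names, policy strings and subscription IDs are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Sequence

MAX_DEPTH = 6        # management group levels below the tenant root (root and subscriptions excluded)
MAX_GROUPS = 10_000  # management groups supported in one directory


@dataclass
class ManagementGroup:
    name: str
    parent: Optional[str]                   # None only for the tenant root group
    policies: List[str] = field(default_factory=list)


@dataclass
class Subscription:
    name: str
    parent: str                             # exactly one parent management group
    subscription_id: str                    # the unique ID Microsoft recommends for identification


class Directory:
    """One directory: every group and subscription sits in a single hierarchy."""

    def __init__(self, root_name: str = "Tenant Root Group") -> None:
        self.root = root_name
        self.groups: Dict[str, ManagementGroup] = {root_name: ManagementGroup(root_name, None)}
        self.subscriptions: Dict[str, Subscription] = {}

    def depth(self, group: str) -> int:
        """Levels below the tenant root; the root itself is depth 0."""
        node, levels = self.groups[group], 0
        while node.parent is not None:
            node, levels = self.groups[node.parent], levels + 1
        return levels

    def add_group(self, name: str, parent: str, policies: Sequence[str] = ()) -> None:
        if name in self.groups:
            raise ValueError(f"{name!r} already exists; a group has exactly one parent")
        if parent not in self.groups:
            raise ValueError(f"unknown parent {parent!r}")
        if len(self.groups) >= MAX_GROUPS:
            raise ValueError("directory already holds the maximum number of management groups")
        if self.depth(parent) + 1 > MAX_DEPTH:
            raise ValueError(f"{name!r} would sit at level {self.depth(parent) + 1}, beyond the limit")
        self.groups[name] = ManagementGroup(name, parent, list(policies))

    def add_subscription(self, name: str, parent: str, subscription_id: str) -> None:
        if name in self.subscriptions:
            raise ValueError(f"{name!r} already exists; a subscription has exactly one parent")
        if parent not in self.groups:
            raise ValueError(f"unknown parent {parent!r}")
        if any(s.subscription_id == subscription_id for s in self.subscriptions.values()):
            raise ValueError("subscription IDs must be unique")
        self.subscriptions[name] = Subscription(name, parent, subscription_id)

    def effective_policies(self, subscription: str) -> List[str]:
        """Conditions the subscription inherits, ordered from the tenant root down."""
        chain: List[ManagementGroup] = []
        node = self.groups[self.subscriptions[subscription].parent]
        while True:
            chain.append(node)
            if node.parent is None:
                break
            node = self.groups[node.parent]
        return [policy for group in reversed(chain) for policy in group.policies]


def build_sample_directory() -> Directory:
    """Constructed hierarchy: root -> Corp -> Landing Zones -> {Prod, Dev} -> subscriptions."""
    d = Directory()
    d.groups[d.root].policies.append("allowed-locations: uaenorth")
    d.add_group("Corp", d.root, ["require-tag: cost-center"])
    d.add_group("Landing Zones", "Corp")
    d.add_group("Prod", "Landing Zones", ["deny-public-ip"])
    d.add_group("Dev", "Landing Zones")
    d.add_subscription("avs-prod", "Prod", "00000000-0000-0000-0000-000000000001")
    d.add_subscription("avs-dev", "Dev", "00000000-0000-0000-0000-000000000002")
    return d


def depth_limit_enforced() -> bool:
    """True if a seventh nested level below the root is rejected."""
    d = Directory()
    parent = d.root
    for level in range(1, MAX_DEPTH + 1):
        d.add_group(f"L{level}", parent)
        parent = f"L{level}"
    try:
        d.add_group("L7", parent)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    sample = build_sample_directory()
    for sub in sample.subscriptions:
        print(sub, "->", sample.effective_policies(sub))
    print("depth limit enforced:", depth_limit_enforced())
```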

Azure Subscriptions

An Azure subscription is automatically created as soon as a user signs up for Azure Cloud Kick Start, and all the resources the user creates are placed within that subscription. However, enterprises or businesses can create additional subscriptions that are tied to an Azure account. Additional subscriptions are useful whenever companies want logical groupings for Azure resources, especially for reporting on resources consumed by departments.

Microsoft Azure subscriptions are offered in the following three categories:
  • Free Trial: Completely free access for a limited time per account for limited resources. Expired accounts cannot be reused.

  • Pay-As-You-Go: Pay only for resources consumed in Azure. No CapEx involved and cancellation is possible at any time.

  • Pay-As-You-Go Dev/Test: A subscription for Visual Studio that can be used for dev and testing. No production usage.

Each Microsoft Azure subscription has a unique identifier called a subscription ID. Microsoft recommends using the subscription ID to identify the subscription.

Azure Resource Group

A resource group is a logical collection of virtual machines, containers, storage accounts, virtual networks, web apps, databases, and dedicated servers. Users typically group related resources for an application, divided into production and non-production, but you may decide to further subdivide on demand.

A resource group provides a logical grouping for all the Azure services assigned to it. Azure admins can deploy and run all services integrated with a specific app by grouping them. Maintaining an enterprise’s array of services within a silo is now unnecessary.

An Azure resource cannot belong to more than one resource group. You can move resources from one resource group to another. When you delete a resource group, all resources associated with it are deleted as well.

Azure Resource Manager

Azure Resource Manager (ARM) is a crucial component for managing underlying IT resources. To avoid operational overhead in managing all Azure services separately and to quickly deploy and manage Azure services, Microsoft developed a solution named Azure Resource Manager.

Azure Resource Manager is a deployment and management service that runs in Azure, and it interacts with most Azure services.

Both the Azure portal and the Azure command-line tools work by using Azure Resource Manager, which permits cloud consumers to deploy multiple Azure resources on the go quickly.

Azure Resource Manager makes it possible to reproduce any deployment with a consistent outcome if the existing build fails.

The following are the most popular Azure resources and services:
  • Azure virtual machines are an IaaS from Microsoft, and Microsoft manages the underlying physical compute, network, and storage. Cloud consumers manage the operating system, apps, and data that run on top of the VM.

  • Availability sets protect VMs with fault domains. Fault domains protect VMs from a hardware failure in a hardware rack.

  • Scale sets allow the business to set up auto-scale rules to scale horizontally when needed.

  • Azure App Service makes it easy to host web apps in the cloud because it’s a PaaS service that removes the management burden from the user.

  • App Service apps run inside an App Service plan that specifies the number of VMs and the configuration of those VMs.

  • Containers allow cloud consumers to create an image of an application and everything needed to run it.

  • Azure Container Instances (ACIs) allow cloud consumers to run containers for minimal cost.

  • Azure Kubernetes Service (AKS) is a managed service that makes it easy to host Kubernetes clusters in the cloud.

  • Azure Cosmos DB is a NoSQL database for unstructured data.

  • Azure SQL Database is a Microsoft-managed relational database.

  • Azure Database for MySQL is a Microsoft-managed MySQL database.

  • An Azure virtual network enables Azure resources to communicate with each other and with the Internet.

  • Azure Load Balancer can distribute traffic from the Internet across various VMs in a dedicated vNet.

  • ExpressRoute allows cloud consumers to have a high-bandwidth connection to Azure of up to 10 Gbps by attaching to a Microsoft Enterprise Edge router.

  • Azure DNS accommodates fast DNS responses and high domain availability.

  • Azure Disk Storage is virtual disk storage specific to Azure VMs. Its managed disks remove the operational burden of handling disks.

  • Azure Files allows cloud consumers to have disk space in the cloud to map to a drive on-premises.

  • Azure Blob Storage offers Hot, Cool, and Archive storage tiers based on how long cloud consumers intend to store data.

  • Azure DevOps uses development collaboration tools such as pipelines, Kanban boards, Git repositories, and comprehensive automated and cloud-based non-functional testing.

  • Azure Virtual Desktop makes apps and desktops readily available to multiple users from almost any device from anywhere.

Azure Management Offerings

Management in Azure is the foundation building block for deployment and operation support of the resources in Azure. Management tools can be divided into visual (graphical user interface, GUI) and code-based tools at a high level. Figure 1-11 depicts the Azure management tools classification.

An illustration of Azure management has two methods: 1, interactive, with visuals; 2, command line, with code-based tools.

Figure 1-11

Azure management methods

Azure’s visual tools provide full access to all functionality in a visually friendly manner. It may be less valuable to use visual tools when you’re trying to deploy a large number of interdependent resources and have multiple configuration options.

In most cases, a code-based tool is the better choice when configuring Azure resources quickly and at scale. The correct commands and parameters may take some time to understand, but they can be saved into files and used repeatedly. Setup and configuration code can also be stored, versioned, and maintained in a source code-management tool such as Git. This approach manages hardware and cloud resources the same way developers manage application code. It is called Infrastructure as Code (IaC).

In IaC, two approaches are available: imperative and declarative. Imperative code details each step required to achieve the desired result. Declarative code, by contrast, specifies only the desired outcome and allows an interpreter to determine how to achieve it. It is crucial to distinguish declarative code tools from imperative ones, as declarative code tools provide a more robust way of deploying dozens or hundreds of resources simultaneously and reliably.
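The difference between the two approaches, and the consistent-redeployment property claimed for Azure Resource Manager above, can be shown with an added example (not code from the book, from ARM, or from any Azure tool). It uses an in-memory stand-in for a subscription so it runs offline; the resource names, the `DESIRED` template and the `reconcile` interpreter are constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple

Resource = Dict[str, str]          # constructed shape: {"type": ..., "location": ..., ...}
Inventory = Dict[str, Resource]    # resource name -> resource, as the fake subscription holds it


class FakeSubscription:
    """In-memory stand-in for a subscription's resource API (not a real Azure client)."""

    def __init__(self) -> None:
        self.inventory: Inventory = {}

    def create(self, name: str, resource: Resource) -> None:
        if name in self.inventory:
            raise RuntimeError(f"{name} already exists")   # what an imperative rerun trips over
        self.inventory[name] = dict(resource)

    def update(self, name: str, resource: Resource) -> None:
        self.inventory[name] = dict(resource)

    def delete(self, name: str) -> None:
        del self.inventory[name]


# Desired state, expressed the way a declarative template would (constructed sample).
DESIRED: Inventory = {
    "rg-avs":   {"type": "resourceGroup", "location": "uaenorth"},
    "vnet-avs": {"type": "virtualNetwork", "location": "uaenorth", "group": "rg-avs"},
    "nsg-avs":  {"type": "networkSecurityGroup", "location": "uaenorth", "group": "rg-avs"},
}


def imperative_deploy(sub: FakeSubscription) -> List[str]:
    """Imperative: the script spells out every step and assumes a clean slate."""
    done: List[str] = []
    for name in ("rg-avs", "vnet-avs", "nsg-avs"):       # ordering is the author's responsibility
        sub.create(name, DESIRED[name])
        done.append(f"create {name}")
    return done


def reconcile(sub: FakeSubscription, desired: Inventory) -> List[Tuple[str, str]]:
    """Declarative: derive the steps from the gap between desired and actual state."""
    actions: List[Tuple[str, str]] = []

    def is_group(resource: Resource) -> bool:
        return resource["type"] == "resourceGroup"

    # Create or update, resource groups first because their members live inside them.
    for name in sorted(desired, key=lambda n: (not is_group(desired[n]), n)):
        current = sub.inventory.get(name)
        if current is None:
            sub.create(name, desired[name])
            actions.append(("create", name))
        elif current != desired[name]:
            sub.update(name, desired[name])
            actions.append(("update", name))
    # Remove what the template no longer declares, resource groups last.
    extra = set(sub.inventory) - set(desired)
    for name in sorted(extra, key=lambda n: (is_group(sub.inventory[n]), n)):
        sub.delete(name)
        actions.append(("delete", name))
    return actions


def run_imperative_twice() -> Tuple[List[str], Optional[str]]:
    """First run succeeds; the second fails because the steps are not idempotent."""
    sub = FakeSubscription()
    first = imperative_deploy(sub)
    try:
        imperative_deploy(sub)
        return first, None
    except RuntimeError as exc:
        return first, str(exc)


def run_declarative_twice() -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Initial deployment, a no-op rerun, then drift repair after out-of-band changes."""
    sub = FakeSubscription()
    first = reconcile(sub, DESIRED)
    second = reconcile(sub, DESIRED)                        # same template, same outcome: nothing to do
    sub.inventory["nsg-avs"]["location"] = "uaecentral"     # drift introduced outside the template
    sub.inventory["vm-stray"] = {"type": "virtualMachine", "location": "uaenorth", "group": "rg-avs"}
    third = reconcile(sub, DESIRED)
    return first, second, third


if __name__ == "__main__":
    print("imperative:", run_imperative_twice())
    print("declarative:", run_declarative_twice())
```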

For managing your cloud environment, Microsoft offers a variety of tools and services, each geared toward a different scenario and user.

Management refers to the assignments and methods required to maintain IT applications and the resources supporting an organization’s business. Azure has several services and tools that operate together to give complete management for cloud consumers. Figure 1-12 depicts the Azure management methods.

A pyramid diagram depicts five Microsoft Azure management methods: Microsoft Azure portal, Azure PowerShell, Azure CLI, ARM templates, and Azure mobile app.

Figure 1-12

Microsoft Azure management methods

Microsoft Azure portal: Deploy, run, and monitor everything, from web apps, databases, virtual machines, virtual networks, and storage to Visual Studio team projects and complete cloud-native applications, from a single unified console.

When you sign up for the Azure portal, you can take a tour of it. If you’re not familiar with the portal, taking the tour is a good use of your time.

The Azure portal provides a web-based interface that accesses almost all Azure features. Azure’s portal provides an intuitive GUI to view all of the services you are using, create new services, and configure them. This is how most people engage with Azure for the first time. As your Azure usage grows, you will likely choose a more repeatable, code-centric approach to managing your Azure resources. The initial view in Azure is shown in Figure 1-13.

A screenshot of the Microsoft Azure portal with a web-based interface that accesses almost all Azure features. It provides an intuitive G U I to view all of the services being used, create new services, and configure them. It has a welcome message, a list of Azure services, navigation guide, and tools.

Figure 1-13

Microsoft Azure portal

Microsoft Azure PowerShell: Azure PowerShell is a set of cmdlets for managing Azure resources directly from the PowerShell command line. Microsoft developed Azure PowerShell to make it easy to read, write, and execute code, providing powerful automation features for IT support functions. AVS administrators can use Azure PowerShell whenever they want to automate a task.

PowerShell 7.x or later is recommended.

Use the following command to check your PowerShell version:
     $PSVersionTable.PSVersion
Use the following command to install the Azure PowerShell module (Az PowerShell module):
     Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
Use the following command to connect to an Azure account (Az PowerShell module):
     Connect-AzAccount

Microsoft Azure CLI: The Azure CLI is a convenient way to deploy resources from Windows, macOS, and Linux environments. The Azure command-line interface is an excellent option, and the most straightforward way to begin with it is to try it out in an Azure Cloud Shell environment.

Use the following command to install the Azure CLI on Windows; it downloads and installs the latest release of the Azure CLI:
     Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; Remove-Item .\AzureCLI.msi
Use the following command to sign in with your cloud consumer account credentials in the browser:
     az login

Microsoft Azure Cloud Shell: Azure Cloud Shell is a completely browser-based shell, so nothing needs to be installed. On the first launch of Cloud Shell, you choose the environment to use; Cloud Shell offers two choices, Bash and PowerShell. Cloud consumers can change the choice after it is configured the first time.

To reach Azure Cloud Shell, click the Cloud Shell button in the Microsoft Azure portal. Figure 1-14 depicts the Azure Cloud Shell icon.

An image of the Azure portal toolbar icons. It depicts the Cloud Shell icon (a square with a greater-than symbol) alongside the filter, bell, settings, question mark, and person icons.

Figure 1-14

Azure Cloud Shell

Upon clicking the icon, the console loads. Once the Bash or PowerShell environment is selected, you are prompted to create an Azure storage account, which requires an active subscription. Figure 1-15 depicts Azure Cloud Shell at launch.

A screenshot of the Azure Cloud Shell upon launch. On top is a welcome message, followed by subscription options to be able to create an Azure storage account.

Figure 1-15

Azure Cloud Shell with bash and PowerShell

Type the following command to get help on PowerShell cmdlets in Azure Cloud Shell:
     Get-Help

Microsoft ARM templates: The Azure CLI and Azure PowerShell both allow Azure administrators/developers to set up and tear down one Azure resource or orchestrate an infrastructure comprised of hundreds of resources. However, there’s a better way to do this.

Azure Resource Manager templates (ARM templates) allow Azure administrators/developers to describe resources in a declarative JSON format. As a result, the entire ARM template is verified before any code is executed, ensuring that the resources are correctly created and connected. The template then orchestrates parallel creation. Consequently, if Azure administrators/developers need 50 instances of the same resource, all of them will be created simultaneously. Developers, DevOps professionals, and IT professionals need to specify each resource’s desired state and configuration in the ARM template, and the template takes care of the rest. Scripts can even be executed before or after a resource has been set up using templates.
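As an added example (not from the book), the following Az PowerShell script creates the same Azure Key Vault twice: once imperatively with individual cmdlets, and once declaratively from an inline ARM template that is validated in full before anything is deployed. The resource group, region, and vault names are placeholders.

```powershell
# Added example, not from the book: imperative vs. declarative creation of an
# Azure Key Vault with Az PowerShell. Assumes the Az module is installed and
# Connect-AzAccount has already been run. All names below are placeholders.
$rg       = 'rg-avs-demo'        # placeholder resource group
$location = 'westeurope'         # placeholder region
$kvName   = 'kv-avs-demo-0001'   # placeholder; vault names must be globally unique

# --- Imperative: every step is spelled out and runs in order -----------------
if (-not (Get-AzResourceGroup -Name $rg -ErrorAction SilentlyContinue)) {
    New-AzResourceGroup -Name $rg -Location $location | Out-Null
}
if (-not (Get-AzKeyVault -VaultName $kvName -ResourceGroupName $rg)) {
    # Hardened defaults: Azure RBAC instead of access policies, purge protection on
    New-AzKeyVault -VaultName $kvName -ResourceGroupName $rg -Location $location `
        -EnableRbacAuthorization -EnablePurgeProtection | Out-Null
}

# --- Declarative: state the desired end result, let Resource Manager plan it --
# Single-quoted here-string so "$schema" is not expanded by PowerShell.
$template = @'
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vaultName": { "type": "string" },
    "location":  { "type": "string", "defaultValue": "[resourceGroup().location]" }
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2022-07-01",
      "name": "[parameters('vaultName')]",
      "location": "[parameters('location')]",
      "properties": {
        "tenantId": "[subscription().tenantId]",
        "sku": { "family": "A", "name": "standard" },
        "enableRbacAuthorization": true,
        "enableSoftDelete": true,
        "softDeleteRetentionInDays": 90,
        "enablePurgeProtection": true,
        "publicNetworkAccess": "Disabled"
      }
    }
  ]
}
'@
$templatePath = Join-Path ([System.IO.Path]::GetTempPath()) 'keyvault.json'
Set-Content -Path $templatePath -Value $template -Encoding utf8

# The whole template is validated before any resource is touched; the cmdlet
# returns nothing when the template is valid and error objects otherwise.
$errors = Test-AzResourceGroupDeployment -ResourceGroupName $rg `
    -TemplateFile $templatePath -vaultName $kvName
if ($errors) {
    $errors | ForEach-Object { Write-Error $_.Message }
    return
}

# Incremental mode adds or updates what the template declares and leaves other
# resources in the group alone, so re-running the deployment is idempotent.
New-AzResourceGroupDeployment -Name 'kv-declarative' -ResourceGroupName $rg `
    -TemplateFile $templatePath -vaultName $kvName -Mode Incremental
```

Once purge protection is enabled on a vault it cannot be switched off again, so settings like this belong in the template rather than in a one-off imperative fix.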

Microsoft Azure Mobile App: While users are away from their computers, they can still access Azure resources via the Azure mobile app. Consumers can use the app for the following tasks:
  • Azure resource health and status can be monitored.

  • Alerts can be received, problems diagnosed, and a web app or virtual machine restarted to fix them quickly.

  • Azure resources can be managed for cloud consumers using the Azure CLI and Azure PowerShell commands.

Azure Monitoring Offerings

Microsoft Azure Monitor: Azure Monitor lets cloud consumers maximize the functional and non-functional KPIs of applications and services. It gives an end-to-end solution for gathering, interpreting, and acting on the data feed from the Azure tenant cloud and integrating it with on-premises environments. In addition, it offers golden signals to identify issues affecting KPIs proactively.

Azure Monitor can perform tasks such as metrics gathering, storing logs, and providing insights.
  • Metrics: It automatically gathers metrics (defined key performance indicators) into Azure Monitor Metrics.

  • Logs: It maintains diagnostic configurations, collecting platform logs, and key performance indicators in Azure Monitor Logs.

  • Insight: Azure Insight is available for the cloud consumer’s subscribed service and presents a well-defined monitoring experience for the consuming service.

  • Service health: Microsoft runs an Azure status web page where cloud consumers can observe the status of every region in which Azure runs. While it is a useful view of overall Azure health, the sheer breadth of that page does not make it the most effective way to get an overview of the health of the services a specific cloud consumer uses. Instead, Azure Service Health provides cloud consumers with a personalized picture of the resources they consume.

To reach Azure Monitor services, click the Monitor button in the Microsoft Azure portal. Figure 1-16 depicts Azure Monitor.

A screenshot of the Azure Monitor services. The options include Overview, Activity log, Alerts, Metrics, Logs, Service Health, Workbooks, and 13 more options under Insights.

Figure 1-16

Azure Monitor

Figure 1-17 provides an overview of the Azure Monitor dashboard.

A screenshot of the Azure Monitor dashboard, with a main message saying Monitor your applications and infrastructure. There are options to Monitor and Visualize Metrics, Query and Analyze Logs, and Setup Alert and Actions.

Figure 1-17

Azure Monitor dashboard

Microsoft Azure Advisor: Microsoft Azure Advisor offers recommendations, and the impact of each, regarding cost, security, reliability, performance, and operational excellence. It also helps ensure that cloud consumer resources are configured correctly for availability and efficiency. In addition, Microsoft Azure Advisor can warn cloud consumers about problems in their Azure service configuration before they cause trouble.

To reach Azure Advisor services, click the Advisor button in the Microsoft Azure portal as depicted in Figure 1-18.

A screenshot of the Azure Advisor services. The options include Overview, Advisor score preview, Recommendations, Monitoring, and Settings. Under Recommendations are Cost, Security, Reliability, Operational excellence, Performance, and All recommendations. Under Monitoring are Alerts and Recommendation digests. Under Settings is Configuration.

Figure 1-18

Azure Advisor

The Azure Advisor dashboard provides an overview, as depicted in Figure 1-19.

A screenshot of the Azure Advisor Overview page depicts separate boxes labeled Security, Reliability, Operational Excellence, and Performance. Each box indicates Recommendation, High, Medium, and Low Impact, and Impacted resource.

Figure 1-19

Azure Advisor overview

Azure Security and Compliance Offerings

Security is one of several critical aspects of any design. Assuring cloud consumers that their business applications and data are secure is essential. A data compromise can destroy an organization’s reputation and cause serious financial damage.

When end users, end user devices, and organization data are contained inside the organization’s firewall, they are assumed to be trusted. This implicit trust is an easy target for a malicious actor.

Defense-in-depth is critical, and the key security technologies and methods that turn a defense-in-depth strategy into reality must be identified.

Identities, devices, infrastructure security, network protection, application security, and data encryption are essential and integral to any security design. Securing cloud consumers’ networks from attacks and unauthorized access is vital.

Microsoft uses a layered approach to security, both in its datacenters and across Azure services. A key concept to know is defense-in-depth. The zero trust model drives security researchers, engineers, and architects to design with an applied, layered security approach to guard the resources they provision across the cloud and on-premises, under a shared-responsibility model.

Defense-in-depth: Defense-in-depth is an approach that applies a series of mechanisms to slow the advance of an attack aimed at gaining unauthorized access to information. Each layer is protected so that, if one layer is compromised, a subsequent layer is already in place to prevent further exposure. Figure 1-20 depicts the defense-in-depth model.

An image depicts defense-in-depth as a triangle enclosing a multi-layered oval. The edges of the triangle are labeled confidentiality, integrity, and availability. The oval has seven layers.

Figure 1-20

Defense-in-depth

Microsoft Azure offers a wide variety of security functionality via three security-integrated services:
  • Protects against security threats via Microsoft Azure Security Center

  • Detects and responds to security threats via Microsoft Azure Sentinel

  • Stores and manages secrets via Microsoft Azure Key Vault

Azure Security Center: Azure Security Center (renamed Microsoft Defender for Cloud) is a consolidated infrastructure security management system that strengthens the security posture. It provides advanced threat protection across hybrid workloads running in multiple clouds, including the cloud consumer’s private cloud.

Keeping cloud consumers’ IT resources protected is a shared effort between the cloud service provider, Microsoft Azure, and the cloud consumers. Cloud consumers have to make sure their data and application workloads are secure when running in the Microsoft Cloud. At the same time, when you move to IaaS, there is more customer responsibility than there is in PaaS and SaaS. Azure Security Center provides cloud consumers with a rich set of tools to harden their networks and secure their services.

Azure Security Center addresses three common critical security challenges:
  • Rapidly changing workloads: Azure Security Center helps address both the strengths and the challenges of the cloud, where workloads change constantly.

  • Increasingly sophisticated attacks: Cloud consumers must secure their workloads wherever they run in the public cloud.

  • Security professionals are few in number: The number of security alerts and alerting rules is far higher than the number of security professionals with the knowledge and experience required to ensure that cloud consumers’ environments are protected.

To reach Azure Security Center services, click the Security Center button in the Microsoft Azure portal. The Azure Security Center dashboard provides an overview, as depicted in Figure 1-21.

A screenshot of the Azure Security Center Overview page depicts the Azure subscriptions, A W S accounts, G C P Projects, Assessed resources, and Active recommendations. Below are separate boxes for Secure score, Regulatory compliance, Azure Defender, and Firewall Manager.

Figure 1-21

Microsoft Defender for Cloud

Azure Key Vault: Azure Key Vault is a cloud-native service for securely storing and accessing secrets. A secret is anything cloud consumers want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys.

The Key Vault service supports two resource types: vaults and managed hardware security module (HSM) pools. Azure Key Vault uses the Transport Layer Security (TLS) protocol to protect data in transit between Azure Key Vault and its clients.

Azure Sentinel: Azure Sentinel is Microsoft’s cloud-native SIEM, delivering security analytics for the entire enterprise at cloud scale. Microsoft’s SIEM solution is designed as a cloud-native security-monitoring platform that uses the power of the cloud for analytics and detections. Azure Sentinel integrates straightforwardly with alerts and data from security solutions, whether they run in Microsoft Azure, in any other cloud, or in a private cloud. Azure Sentinel combines machine learning algorithms, global security research, and the breadth and depth of the security data available to Microsoft as a major enterprise vendor. Azure Sentinel helps cloud consumers discover known and unknown attack vectors, recognizing threats at every stage of an attack.

Azure Compliance: Azure holds more than 90 compliance certifications, covering 50 distinct global regions and countries, including the US, the European Union, Germany, Japan, the United Kingdom, India, and China. More than 35 of these compliance offerings are specific to the requirements of critical industries, including government, education, finance, manufacturing, health, and media.

Regulatory compliance in Azure Policy provides built-in initiative definitions that present the controls and compliance domains of a standard, mapped to who is responsible for each (the cloud consumer, Microsoft, or shared).

Microsoft Azure offers global coverage with Center for Internet Security (CIS) benchmarks, Cloud Security Alliance (CSA) STAR Attestation, Cloud Security Alliance (CSA) STAR Certification, Cloud Security Alliance (CSA) STAR Self-Assessment, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2019, ISO/IEC 27701:2019, ISO 9001:2015, System and Organization Controls (SOC) 1 Type 2, System and Organization Controls (SOC) 2 Type 2, System and Organization Controls (SOC) 3, and Web Content Accessibility Guidelines.

Getting Started with Azure VMware Solution

In this section, you’ll learn what Azure VMware Solution is. Over the years, organizations that run virtualized environments on-premises have faced many challenges, including incurring significant capital expenditures, spending a lot of resources, and spending a lot of time managing and maintaining the servers. Additionally, in this model, licenses are typically purchased with elaborate and lengthy enterprise license agreements (ELAs), which are inflexible and unable to scale rapidly to meet ever-changing business requirements.

Is it possible to leverage cloud consumers’ current investments while implementing virtualization in the cloud era?

In a partnership with Microsoft, VMware offers a streamlined approach for migrating VMware environments. VMware workloads can be deployed in a hybrid cloud architecture with Microsoft Azure Cloud, enabling cloud consumers to achieve significant benefits while using the familiar tools, resources, and capabilities of VMware deployments on-premises. VMware and Microsoft enable IT departments to create dynamic, virtualized pools of resources from static servers and networks. These resources can be provisioned on-demand based on evolving business and technical needs.

More and more organizations are moving to the cloud, and Microsoft and VMware’s Azure VMware Solution, a jointly engineered offering, speeds up the transition and reduces long-term costs. Microsoft develops, operates, and supports Azure VMware Solution, backed by VMware and cloud-verified by the company. Figure 1-22 provides an overview of Azure VMware Solution.

A cloud diagram of Azure VMware Solution with the Azure and VMware private cloud icons.

Figure 1-22

Azure VMware Solution

Key AVS Capabilities

  • Cloud customers can immediately access Azure’s high availability, disaster recovery, and backup services, minimizing risk and ensuring business continuity for their critical workloads.

  • Whenever cloud consumers want to consolidate, retire, or expand their existing datacenters, they can access additional capacity on demand. When cloud consumers move to Azure, they will be able to use the same VMware tools they are already familiar with from on-premises environments, such as VMware vSphere, vSAN, and vCenter. vSphere-based applications can be redeployed to Azure without requiring refactoring.

  • Cloud consumers can manage their existing environments with VMware tools they’re familiar with, while modernizing their applications with native Azure management, security, and services. Taking on modernization one step at a time is easy with Azure VMware Solution. They can utilize native VMware tools and management experiences to build cloud competencies and modernize over time.

  • AVS leverages VMware VCF for a VMware-compliant architecture.

  • With the Azure hybrid benefit, cloud consumers can bring their own Windows Server and SQL Server licenses with Software Assurance to Azure. As part of the Azure VMware Solution, customers receive free extended security updates for Windows Server 2008 and SQL Server 2008 R2 for up to three years after the end-of-extended-support date. With Reserved Instances for Azure VMware Solution, cloud consumers can reduce costs.

AVS increases cloud consumers’ productivity by moving VMware workloads to Azure and utilizing the elasticity, scale, and fast provisioning only available via the cloud. Cloud consumer productivity means saving time and effort in physically provisioning compute, storage, and networks.

Azure is the best choice for cloud consumers running Microsoft Windows and SQL Server workloads, based on licensing and support options from Microsoft.

Cloud consumers can get on-demand access to additional capacity when they consolidate, retire, or expand existing datacenters.

They can move to Azure seamlessly using VMware’s HCX technology and continue to manage their environment using the same VMware tools they already know, such as vSphere Client, NSX-T, Power CLI, or any popular DevOps toolchain.

They can ensure operational continuity when redeploying vSphere-based applications to Azure and avoid the complexity of application refactoring.

Using Microsoft’s Azure operating platform and back-end infrastructure, it is possible to run VMware vSphere, VMware vSAN, and VMware NSX-T natively and at scale. Cloud consumers’ workloads can run on a single-tenant, fully managed, bare-metal Azure infrastructure, eliminating the hassles of procuring, deploying, and managing a hardware infrastructure. Azure ExpressRoute is a high-speed, low-latency connectivity option for cloud consumers.

VMware Solutions for Azure are based on VMware Cloud Foundation, a comprehensive provider of compute, storage, networking, and management software deployed on Azure with integrated Azure services. By leveraging the global Microsoft Azure infrastructure, VMware customers can utilize their existing skills and tools. Using the Azure VMware Solution, VMware workloads can be seamlessly migrated or extended from on-premises to Azure without requiring costly rearchitecture or retooling of operations. Cloud consumers can build, run, manage, and secure applications across VMware environments and Microsoft Azure with familiar and established VMware tools, skills, and processes.

In Azure VMware Solution, a bare-metal Azure infrastructure is used to build vSphere clusters running on private clouds. Clusters can be expanded to 16 hosts over time, starting with a minimum of three hosts. vCenter Server and NSX Manager, the management tools for Azure VMware Solutions, are configured to be available 99.9% of the time.

A VMware-validated Azure VMware Solution includes ongoing testing and validation of enhancements and upgrades. It allows cloud consumers to focus on developing and running workloads in their private clouds while Microsoft manages and maintains their private cloud infrastructure and software.

Cloud-to-cloud networking allows Azure services or vNets to be integrated with private clouds via SLAs. Azure VMware Solution connects a cloud consumer’s on-premises environment to the Azure VMware Solution private cloud. Figure 1-23 provides an integrated view of AVS.

An image of the Azure VMware integrated view depicts the connections of On Premises environments and Azure with clouds and virtual networks and Azure services.

Figure 1-23

Azure VMware integrated view

Figure 1-23 shows the relationship between private clouds and virtual networks in Azure, Azure services, and on-premises environments.

VMware vSphere: Uses the server virtualization platform designed for modern hybrid clouds to run existing applications along with modern containerized applications in Microsoft Azure.

VMware vSAN: Improves business agility while reducing costs with VMware vSAN, the enterprise-class storage virtualization software.

Azure VMware Solution uses hyper-converged Azure infrastructure hosts. High-end hosts are equipped with dual Intel 18-core 2.3GHz processors and 576GB of memory. Additionally, high-end hosts have two vSAN disk groups with 15.36TB of SSD for VMware vSAN’s capacity tier and 3.2TB of NVMe for VMware vSAN’s cache tier.

VMware NSX-T: Connects and secures apps across datacenters, clouds, and containers, all from one interface. Cloud consumers manage most cluster configurations and operations via vSphere and NSX-T Manager. Each host in a cluster accesses its local storage through vSAN. The solution includes four 25 Gbps NICs per ESXi host, two of which are designated for ESXi system traffic and two for workload traffic.

VMware HCX: Continuity and workload rebalancing are built into the tool for extending the on-premises environments of cloud consumers into the cloud.

An Azure VMware Solution private cloud can be connected to a cloud consumer’s on-premises environment using ExpressRoute Global Reach. Cloud consumers connect circuits directly at the Microsoft Enterprise Edge (MSEE) level. Connecting via a virtual network (VNet) with an ExpressRoute circuit to on-premises requires an Azure subscription. Note that VNet gateways (ExpressRoute gateways) are not transitive: cloud consumers can attach two circuits to the same gateway, but it won’t transmit traffic between them.

The Azure VMware Solution environments each have their own ExpressRoute region (their own virtual MSEE devices), so cloud consumers can connect Global Reach to “local” peering locations. Azure VMware Solution customers can connect multiple instances to the same peering location in a single region.

An Azure VMware Solution provides an on-premises and Azure-based private cloud environment. Physical connections are provided through Azure ExpressRoute, VPN connections, or Azure Virtual WAN. There are, however, specific network address ranges and firewall ports needed to enable these services.

Deploying a private cloud creates private networks for management, provisioning, and vMotion. Cloud users use these private networks to access vCenter and NSX-T Manager and to carry virtual machine vMotion and deployment traffic.

Azure Monitor logs automatically generate once cloud consumers deploy the Azure VMware Solution into their subscriptions. In their private cloud, the Azure VMware administrator can
  • Collect logs on each of their VMs.

  • Install MMA agents on the Windows and Linux VMs.

  • Make sure Azure diagnostics are enabled.

  • Create queries and run them.

  • Create queries as you would in a VM.

Azure VMware Solution monitoring patterns are the same as those for Azure VMs within the IaaS platform.
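As an added example that is not from the book, the following Az PowerShell script runs a Log Analytics (KQL) query against the workspace that receives the VM logs described above and flags VMs whose agent has stopped sending heartbeats. The workspace ID is a placeholder, and the query assumes the standard Heartbeat table populated by the installed agents.

```powershell
# Added example, not from the book: query the Log Analytics workspace that
# collects the AVS VM logs and flag VMs whose agent has gone silent.
# Assumes Az.OperationalInsights is installed and Connect-AzAccount has run.
$workspaceId = '00000000-0000-0000-0000-000000000000'   # placeholder workspace (customer) ID

# KQL: last heartbeat per computer within the queried timespan, then keep only
# the machines that have not reported in the last 15 minutes.
$kql = @'
Heartbeat
| summarize LastSeen = max(TimeGenerated) by Computer, OSType, ResourceGroup
| where LastSeen < ago(15m)
| order by LastSeen asc
'@

$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId `
    -Query $kql -Timespan (New-TimeSpan -Hours 24)

if (-not $result.Results) {
    Write-Output 'All agents reported within the last 15 minutes.'
} else {
    # Each row is a PSCustomObject whose properties are the projected columns;
    # timestamps come back as ISO 8601 strings in UTC.
    $now = [System.DateTimeOffset]::UtcNow
    $result.Results | ForEach-Object {
        $lastSeen  = [System.DateTimeOffset]::Parse($_.LastSeen)
        $silentFor = $now - $lastSeen
        Write-Warning ('{0} ({1}, {2}) last seen {3:N0} minutes ago' -f `
            $_.Computer, $_.OSType, $_.ResourceGroup, $silentFor.TotalMinutes)
    }
}
```

A VM that is running but no longer heartbeating is a gap in both monitoring and detection coverage, so this kind of check is worth scheduling rather than running ad hoc.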

Key AVS Benefits

The cloud consumer can do the following:
  • Take advantage of VMware workloads running on the global Azure infrastructure to gain scale, continuity, and fast provisioning.

  • Maintain operational consistency using familiar technology including vSphere, HCX, NSX-T, and vSAN using VMware investments, skills, and tools.

  • Benefit from Azure, the best cloud for those who run Microsoft workloads, with unmatched pricing benefits for Windows Server and SQL Server.

  • Integrate Azure native management, security, and services with VMware applications to modernize them at their own pace.

  • Use Azure VMware Solution as their disaster recovery site and have it become the primary site in the event of a disaster.

  • Quickly scale out datacenter capacity on demand for seasonal, temporary, or regional needs with flexible payment plans.

  • Redeploy vSphere-based workloads to Azure in a nondisruptive, automatic, and scalable manner, reducing their on-premises infrastructure footprint.

  • Ensure disaster protection for on-premises virtual desktops by leveraging high-performance infrastructure and fast networking for virtual desktop infrastructure (VDI).

Key AVS Terminologies

In this section, you’ll learn the top 10 terminologies used in the Microsoft Azure VMware Solution. Figure 1-24 gives a holistic view of the key terms.

A diagram depicts the azure VMware solution terminologies, labeled Virtual Machines, Hypervisor, Containers, Kubernetes, Virtual Networks, Hyperconverged Storage, Bare-Metal Hypervisor, Software Defined Storage and Networking, and Virtual Desktop Infrastructure.

Figure 1-24

Azure VMware Solution terminologies

Virtual Machines

Virtual machines (VMs) are used instead of physical machines to run programs and deploy apps. It is possible to run several virtual “guest” machines on a physical “host” machine. Even if they are running on the same host, virtual machines run their own operating systems and behave independently. A virtual macOS machine can, for example, run on a physical PC.

Hypervisor

Hypervisors, also called virtual machine monitors (VMM), are software tools that enable the creation and management of virtual machines. Virtually sharing resources like memory and processing among multiple guest virtual machines is possible with a hypervisor.

Containers

A container is a lightweight and standalone program that encapsulates the runtime environment, including the application and dependencies (libraries, binaries, and any additional configuration files), enhancing portability, scalability, security, and agility. Containers are highly efficient, enabling high resource utilization and high density. Even though containers can run almost any application, they are commonly associated with microservices, in which several containers run separate components or services. Container orchestration platforms such as Kubernetes are typically used to coordinate and manage the containers that make up an application.

Kubernetes

A container orchestration platform, Kubernetes facilitates the operation of a flexible web server framework in the cloud. Using Kubernetes, datacenters can be integrated into Azure public cloud providers or web hosting can be scaled. With Kubernetes, websites and mobile apps with complex custom code can be deployed on commodity hardware, lowering the cost of provisioning web servers with public cloud hosts and optimizing software development processes.

Virtual Networks

Using virtual networking, devices across different offices and datacenters can communicate with each other via computers, virtual machines, and virtual servers. Physical networks connect computers through cabling and other hardware, but virtual networks use software management to connect computers and servers over the Internet. In addition, virtualizing traditional network tools, like switches and network adapters, makes routing more efficient and configuration changes more manageable.

Hyperconverged Storage

The term hyperconverged storage refers to a type of hyperconverged infrastructure (HCI) in which storage, computing, and networking are integrated into a single virtualized system. Software-defined storage replaces dedicated hardware through flexible pools. A virtualization layer is installed on each node to share the resources within it across all nodes in a cluster, creating a large storage pool. SDN and load balancing determine which hardware is used to serve requests.

Using hyperconverged storage, administrators can manage resources more efficiently and reduce the total cost of storage ownership, often at a lower price than cloud service providers’ native storage.

Bare-Metal Hypervisor

Hypervisors separate a computer’s software from its hardware, allowing virtual machines to be created and managed. A hypervisor transfers requests between physical and virtual resources, making virtualization possible. Hypervisors installed directly on a physical machine, between the hardware and the operating system, are called bare-metal hypervisors. The firmware of bare-metal hypervisors is embedded at the same level as the motherboard basic input/output system (BIOS). Some operating systems require this to enable the operating system on a computer to access and use virtualization software.

Software-Defined Storage

With software-defined storage (SDS), provisioning and management of storage are independent of the underlying hardware. Physically separate storage pools can be managed as one logical device. Storage is aggregated across all disks in the compute hosts; the disks are pooled, formatted with object file systems, and allocated to VMs and file services.

Software-Defined Networking

Software-defined networking (SDN) enables networks to communicate with their underlying hardware infrastructure using software-based controllers or application programming interfaces (APIs). Unlike traditional networks, which rely on dedicated hardware devices for network control (i.e., routers and switches), this model relies on software to manage traffic. Software-defined networking is capable of creating and maintaining virtual networks, firewalls, and load balancing.

Virtual Desktop Infrastructure

A virtual desktop infrastructure (VDI) is a technology that provides and manages virtual desktops using virtual machines. Desktop environments are hosted on a centralized server and deployed to end users on demand.

Inner Engineering of AVS Components

Azure VMware Solution is based on vSphere, and Microsoft Azure now offers VMware’s enterprise-class software-defined datacenter (SDDC) software. Using the AVS solution, any application can run on vSphere-based private, public, or hybrid cloud environments. VMware offers it as an elastically scalable, on-demand, on-premises service delivered, sold, and supported through Microsoft Azure.

Azure VMware Solution integrates VMware’s compute, storage, and network virtualization technologies (vSphere, VMware vSAN, and VMware NSX) with VMware vCenter Server management and optimization, providing a complete cloud solution built on next-generation, elastic, bare-metal Azure infrastructure.

Azure VMware Solution is a managed environment, so Microsoft performs all upgrades and maintenance procedures.

With Azure VMware Solution, enterprises can run both traditional and modern applications in a private cloud hosted on Microsoft Azure. Azure VMware Solution is based on VMware Cloud Foundation and thus offers a comprehensive set of software-defined services for compute, storage, network, containers, and cloud management. The offering is built on a proven stack of software-defined technologies, including VMware vSphere with Tanzu, VMware vSAN, and VMware NSX-T Data Center. An agile, reliable, and efficient cloud infrastructure ensures consistent cloud operations across private and public clouds. Figure 1-25 shows the AVS building blocks.

An illustration of the AVS building blocks: the vRealize Suite on top, software-defined services for compute, storage, network, and migration/rebalancing beneath it, built on VMware vSphere, VMware vSAN, VMware NSX-T, and VMware HCX. This cloud infrastructure ensures consistent cloud operations across private and public clouds.

Figure 1-25

Azure VMware Solution building blocks

Let’s get started. VMware vSphere is a virtualization platform that aggregates bare-metal hypervisors and their resources (CPU, memory, storage, and networking) into computing infrastructures. vSphere manages these infrastructures as a unified operating environment and gives cloud consumers the tools to administer the datacenters that are part of that environment.

The VMware vSphere product family includes VMware ESXi and vCenter Server, and it is designed to build and manage virtual infrastructures. The vCenter Server system provides key administrative and operational functions, such as provisioning, cloning, and VM management features essential for a virtual infrastructure.

Virtualization software is composed of ESXi and vCenter Server. Virtual machines, containers, and appliances can be built and run on ESXi. vCenter Server allows cloud consumers to manage and pool the resources of multiple hosts connected in a network. Figure 1-26 shows the AVS vSphere overview.

An illustration of the Azure VMware Solution VMware vSphere overview: VMware vCenter Server on top, then application services, infrastructure services, network, and storage.

Figure 1-26

Azure VMware Solution VMware vSphere overview

There are four major components that make up a VMware vSphere implementation:

Compute: Resources made up of physical hosts and clusters with processors, memory, and I/O interfaces

Storage: Resources made of high-performance local disks in appropriate RAID configurations, SAN and network-based storage systems, and VMware vSAN (the option used by Azure VMware Solution)

Network: Resources made of physical and logical network connectivity, including virtualized security solutions based on VMware NSX-T

Management: Resources that provide basic and advanced VMware systems management, focusing on VMware vCenter Server Appliance, VMware vRealize Operations Manager, and VMware vRealize Log Insight. These systems offer services or interfaces for managing hosts, clusters, virtual machines, compliance and patch management, virtual networking, monitoring and alerting, virtual storage, backups, logging, and replication.

The compute building block is a key block in the VMware vSphere virtual infrastructure, consisting of ESXi hosts (CPU and RAM), virtual machines, resources pools, HA, and DRS clusters.

ESXi host: The ESXi host is a physical server running VMware vSphere ESXi (the hypervisor) in the compute building block. The ESXi host is the fundamental component that runs virtual machines and hosts associated components such as virtual switches and datastores.

Virtual machine: The VM is one of the compute block’s basic components. A VM is made of a set of files, namely a configuration file (.vmx), virtual disk files (.vmdk), a swap file (.vswp), a BIOS/EFI settings file (.nvram), and log files (.log).

Cluster: A cluster is a group of ESXi hosts with a shared network and storage. There are four main features in a cluster: vMotion, a distributed resource scheduler (DRS), high availability (HA), and fault tolerance (FT).

vMotion: vMotion allows administrators to move a running virtual machine from one physical host to another without powering it down.

Distributed resource scheduler: The distributed resource scheduler (DRS) from VMware aggregates the CPU and RAM resources of all hosts in a cluster and allocates them to virtual machines based on predefined rules that reflect business needs and changing priorities. VMware Distributed Power Management (DPM) extends DRS to consolidate VMs and power down idle hosts, minimizing power consumption across a DRS cluster. DRS is standard in vSphere cluster deployments, including AVS; DPM is not widely recommended.

DRS clusters extensively leverage vMotion functionality to migrate the virtual machines from one ESXi host to another to balance the load across the hosts within the cluster.

High availability: vSphere High Availability (HA) is a cluster-level feature configured in vCenter that provides a higher level of availability for virtual machines than any single ESXi host can provide on its own. When an ESXi host fails, vSphere HA automatically restarts the VMs that were running on it on another ESXi host in the same cluster; recovery can begin in as little as 60 seconds.

One common misconception about HA is that it uses vMotion to provide seamless availability to virtual machines. HA does not use vMotion; it’s used only by DRS because it requires both the source and target hosts to be up and running. When an ESXi host fails, the virtual machines running on that host also fail (except when they are protected with fault tolerance, which has severe restrictions). HA is only there to ensure that those virtual machines are restarted automatically on the remaining cluster hosts.

Fault tolerance: Fault tolerance (FT) creates a second virtual machine that runs in lockstep with the virtual machine on which it is enabled. The two instances run on different hosts in the cluster and stay in sync; if the primary fails, the secondary takes over with minimal service interruption. Legacy FT shares a single set of VMDK files between the two instances.

Because of that shared storage, legacy FT does not protect against VMDK problems (corruption, loss of access, and so on). vSphere 6 introduced storage redundancy (separate VMDK copies) and multiprocessor support, with limitations. FT is not widely recommended.

Kubernetes deployments in multi-cloud environments can be made more accessible with the VMware Tanzu Standard, which centralizes operation and governance across clusters and teams in on-premises, public clouds, and edge deployments. Customers can run their containerized workloads in the cloud with Tanzu Standard on Azure VMware Solution, with consistent operation and management to support their infrastructure modernization and app development.

VMware Horizon on Azure VMware Solution also provides seamless integration of virtual desktops and applications across a hybrid cloud.

Azure VMware Solution continuously monitors both the VMware components and the underlying hardware, and it repairs the affected elements as soon as a failure is detected. If Azure VMware Solution detects degradation or loss of a node, the host remediation process is initiated.

Host remediation replaces the faulty node with a new, healthy node in the cluster. The faulty host is placed into VMware vSphere maintenance mode as soon as possible; with vMotion, the VMs are live-migrated from the faulty host to other available hosts in the cluster, potentially with zero downtime for the workloads. If the faulty host cannot be placed into maintenance mode, it is removed from the cluster.

In addition to the host’s overall condition, Azure VMware Solution also monitors
  • Processor status

  • Memory status

  • Storage status

  • Connection and power status

  • Hardware fan status

  • Hardware system board status

  • Hardware voltage

  • Hardware temperature status

  • Hardware power status

  • Errors occurring on the disks of a vSAN host

  • Network connection and connectivity failure

Private clouds with vSphere clusters are available via Azure VMware Solution. In those clusters, Azure hosts are dedicated bare-metal machines.

The same NSX-T Manager and vCenter Server manage all clusters within a private cloud, and private clouds are managed through Azure subscriptions. A subscription can hold any number of private clouds, subject to quota; a new subscription is initially limited to one private cloud, and more can be requested.

For every private cloud created, a vSphere cluster is created by default. The Azure portal and API enable cloud consumers to add, delete, and scale clusters. Cloud consumers can choose the type of node that will fit their organization’s needs based on core, memory, and storage requirements, and Microsoft offers node configurations based on these requirements.

Next, let’s discuss virtual storage area networks (vSANs). VMware vSAN is a software-based distributed storage platform that pools the compute and storage resources of the VMware ESXi hosts in a cluster into a single datastore. Because AVS runs on a fixed set of Azure bare-metal node types, hardware choices when designing and scaling a vSAN cluster are more limited than on-premises.

With vSAN, users can manage their storage resources from the same place they manage compute.

vSAN is native to the vSphere hypervisor (ESXi), so there is no need to deploy storage virtual appliances or install additional vSphere Installation Bundles (VIBs) on each host in the cluster.

The VMware vSAN core design follows the design decisions of VMware Validated Design for the Software-Defined Datacenter (SDDC). The result is a flexible and highly scalable HCI storage layer that can be incorporated into a larger product such as an SDDC. Any component of the design should be interchangeable with a similar element if it does not suit a business or technical requirement.

VMware vSAN continues to lead the hyperconverged infrastructure (HCI) market and has proven a fit for a wide range of workloads: traditional applications such as Microsoft SQL Server and SAP HANA, next-generation applications such as Splunk, Cassandra, and MongoDB, and container-based services orchestrated through Kubernetes. Its performance, flexibility, ease of use, robustness, and pace of innovation all contribute to that adoption.

Traditional infrastructure deployment, operations, and maintenance are often associated with disaggregated tools and specialized skill sets. vSphere and vSAN simplify these tasks by using familiar tools for the deployment, operation, and management of private cloud infrastructure. VMware vSAN is the cornerstone of VMware Cloud Foundation, which accelerates a customer’s Azure cloud journey.

VMware’s software-defined storage solution, built from the ground up for vSphere virtual machines, is called vSAN.

The vSphere Client and vCenter Server are used to provision, configure, and manage the locally attached disks of the hosts in a vSphere cluster. Storage and compute for VMs run on the same x86 server platform, since vSAN is embedded in the hypervisor.

A vSAN-based HCI deployment can range from a 2-node setup to a 64-node cluster, depending on the cloud consumer’s requirements. For disaster recovery, vSAN supports a stretched cluster topology. A vSAN datastore can also be mounted remotely by another vSAN cluster, separating storage from compute so that both can be scaled independently. Figure 1-27 shows a VMware vSAN overview.

An illustration of the VMware vSAN overview, where vSphere and vSAN are depicted as interlocked. Under them is the vSAN datastore, comprised of multiple solid-state disks (SSDs).

Figure 1-27

VMware vSAN

The vSAN solution integrates with the entire VMware stack, including vMotion, HA, DRS, and more. Setting and modifying on-the-fly VM-level policies that control storage provisioning and SLA management is possible. It is the ideal storage platform for VMs because of its enterprise-class features, scale, and performance.

Flash drives (an all-flash configuration) or a combination of flash drives and magnetic disks (hybrid configuration) contribute cache and capacity to the vSAN distributed datastore.

Each host has from one to five disk groups. Each disk group contains one cache device and one to seven capacity devices. Figure 1-28 shows the VMware vSAN disk classification.

An illustration of the VMware vSAN disk classification, with vSphere and vSAN interlocked. Under the SSDs, the disk group comprises a capacity tier and a cache tier.

Figure 1-28

VMware vSAN disk classification

Flash devices in the cache tier are used primarily as a write buffer; in an all-flash configuration, reads of data still sitting in the write buffer are served from it, while all other reads come from the capacity tier. In an all-flash vSAN configuration, flash devices fall into two categories:
  • Cache tier: smaller, higher-endurance (and higher cost per gigabyte) devices

  • Capacity tier: cost-effective, lower-endurance devices

Writes land in the cache tier and are then destaged to the capacity tier. This extends the usable life of the lower-endurance flash devices in the capacity tier while maintaining performance.

As part of a hybrid configuration, one flash device and one or more magnetic drives are configured as a disk group. The capacity of the disk group can be as high as seven drives. There may be one or more disk groups based on the number of flash devices and magnetic drives contained in a vSphere host.

Magnetic drives provide the datastore’s capacity, while flash devices act as a reading cache and write buffer. As a read cache, vSAN uses 70% of the flash capacity, and as a write cache, 30%.

For applications to meet their service level requirements, VMware is constantly working to improve the performance and consistency of vSAN.

Azure VMware Solution uses native, locally attached, all-flash vSAN storage. vSAN pools the local storage of every host in a cluster into one datastore; data-at-rest encryption, deduplication, and compression are enabled on that datastore by default.

Each host provides 15.4TB of SSD capacity, organized as two disk groups, each with one 1.6TB NVMe cache disk and three capacity disks. The vSAN datastore is created as part of the private-cloud deployment and is available immediately.

vSAN storage policies are created on the vSphere cluster and applied to objects on the vSAN datastore. A policy determines how a VM’s storage objects are laid out and provisioned within the datastore (for example, how many failures to tolerate), which is how the required service level is guaranteed. A minimum of 25% spare (slack) capacity must be maintained on the vSAN datastore to keep the service-level agreement valid.
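As an added worked example (not from the book or from VMware or Microsoft), the following Python estimates how much of an AVS vSAN datastore a workload can actually consume once the storage policy’s copy or parity overhead and the 25% slack requirement are accounted for. The per-host raw capacity follows the text; the 3-to-16-host cluster range is an assumption, the policy overheads are vSAN’s copy/parity factors, and any dedup/compression saving is whatever ratio the caller passes in.

```python
"""Usable vSAN capacity for an Azure VMware Solution cluster.

Added example, not code from the book, VMware or Microsoft. Per-host raw
capacity and the 25% slack rule follow the text; the policy overheads are
vSAN's copy/parity factors; the 3..16 host range of an AVS cluster is an
assumption. Dedup/compression savings are whatever ratio the caller passes.
"""

RAW_CAPACITY_PER_HOST_TB = 15.4    # from the text (all-flash, per host)
SLACK_FRACTION = 0.25              # 25% spare capacity required by the SLA
MIN_HOSTS, MAX_HOSTS = 3, 16       # assumed AVS cluster size limits

# storage policy -> (minimum hosts, raw bytes consumed per usable byte)
# RAID-1 FTT=1: two full copies (the witness is negligible); RAID-5 FTT=1:
# 3 data + 1 parity; RAID-1 FTT=2: three copies; RAID-6 FTT=2: 4 data + 2 parity.
POLICIES = {
    "RAID-1 FTT=1": (3, 2.0),
    "RAID-5 FTT=1": (4, 4 / 3),
    "RAID-1 FTT=2": (5, 3.0),
    "RAID-6 FTT=2": (6, 1.5),
}


def usable_capacity_tb(hosts, policy, dedupe_ratio=1.0, survive_host_loss=False):
    """TB of VM data that fits under `policy` while keeping the 25% slack.

    dedupe_ratio=1.5 means 1.5 TB of VM data occupies 1 TB of raw space.
    survive_host_loss sizes for hosts-1 nodes, so that vSAN can rebuild all
    objects after one host fails without eating into the slack.
    """
    if not MIN_HOSTS <= hosts <= MAX_HOSTS:
        raise ValueError(f"an AVS cluster has {MIN_HOSTS}..{MAX_HOSTS} hosts, not {hosts}")
    min_hosts, overhead = POLICIES[policy]
    effective_hosts = hosts - 1 if survive_host_loss else hosts
    if effective_hosts < min_hosts:
        raise ValueError(f"{policy} needs {min_hosts} hosts; only {effective_hosts} usable")
    budget_tb = effective_hosts * RAW_CAPACITY_PER_HOST_TB * (1 - SLACK_FRACTION)
    return budget_tb * dedupe_ratio / overhead


def fits(hosts, policy, workload_tb, **kwargs):
    """True if workload_tb fits in a cluster of `hosts` under `policy`."""
    return workload_tb <= usable_capacity_tb(hosts, policy, **kwargs)


def hosts_needed(policy, workload_tb, **kwargs):
    """Smallest AVS cluster that holds workload_tb under policy."""
    for hosts in range(MIN_HOSTS, MAX_HOSTS + 1):
        try:
            if fits(hosts, policy, workload_tb, **kwargs):
                return hosts
        except ValueError:          # policy needs more hosts than this
            continue
    raise ValueError(f"{workload_tb} TB under {policy} exceeds a {MAX_HOSTS}-host cluster")


if __name__ == "__main__":
    workload = 30.0  # TB of VM data to place (constructed figure)
    for policy in POLICIES:
        n = hosts_needed(policy, workload)
        print(f"{policy}: {n} hosts, {usable_capacity_tb(n, policy):.2f} TB usable, "
              f"{hosts_needed(policy, workload, survive_host_loss=True)} hosts if one may fail")
```

The figures show why the slack rule bites: with RAID-1 FTT=1 only 37.5% of the raw datastore is available to workloads, and reserving rebuild capacity for one failed host costs another full node of headroom.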

Azure storage services can be used to store workloads running in Azure’s private cloud for cloud consumers. Azure VMware Solution offers cloud consumers access to various storage services, as depicted in Figure 1-29.

An illustration of the cloud consumer’s private cloud connected over the Azure backbone to Azure storage services.

Figure 1-29

Azure VMware Solution with Azure Cloud native storage services

Next, let’s discuss NSX-T. The NSX-T architecture has built-in separation of the data, control, and management planes. This separation delivers multiple benefits, including scalability, performance, resiliency, and heterogeneity.

VMware NSX-T is designed for current and future application frameworks. Beyond vSphere, NSX-T environments may include other hypervisors, containers, and bare metal, depending on the cloud consumer’s needs.

NSX-T is designed to manage heterogeneous endpoints and technology stacks in application frameworks and architectures. vSphere may be used in conjunction with other hypervisors, containers, bare-metal operating systems, and public clouds. IT and development teams can choose the technologies that are best suited for their applications using NSX-T. Development organizations can also manage, operate, and consume NSX-T.

In software, NSX-T delivers the full set of network services (switching, routing, firewalling, and load balancing) through what amounts to a network hypervisor (network virtualization). Programmatic assembly of these services produces unique, isolated virtual networks in seconds. Beyond network and endpoint-based security services, NSX-T provides a platform for third-party security services: in addition to its own distributed firewall and context-based security, it exposes frameworks through which security vendors implement guest introspection, network introspection, and agentless anti-virus/anti-malware, integrated into service-chained next-generation firewalls, IDS/IPS, file integrity monitoring, and vulnerability management deployments.

Four fundamental attributes characterize the NSX-T architecture:

Policy and consistency: Policies are defined once, with a deterministic end state, through a RESTful API, which meets the requirements of today’s automated environments. NSX-T keeps a single inventory and uses multiple components to realize the desired outcome across the various domains.

Network connectivity: Allows for consistent logical switching and distributed routing across multiple KVM and vSphere nodes without tying the nodes to a compute manager or domain. In addition to providing connectivity across heterogeneous endpoints, the domain-specific implementation increases connectivity across containers and clouds.

Network security: This enables network connectivity with a unified security policy. It allows the implementation of services such as load balancing, edge (gateway) firewalls, distributed firewalls, and network address translation among multiple compute domains. The integrity of the overall framework established by security operations requires consistent security between VMs and container workloads.

Insight: Monitors collect metrics and track flow across domains through a standard set of tools. VMs and containers have drastically different tools for completing similar tasks, so visibility between them is essential for operationalizing mixed workloads.

These attributes enable heterogeneity, app alignment, and extensibility to support diverse requirements.

Here is a brief introduction to NSX-T Data Center and its components. Just as server virtualization programmatically creates, snapshots, deletes, and restores virtual machines, network virtualization does the same for software-based networks such as port groups and segments. The equivalent of a hypervisor for the network provides Layer 2 through Layer 7 network services (such as switching, routing, access control, firewalling, and quality of service) in software. The result is the ability to assemble these services programmatically into unique, isolated virtual networks within seconds. Management, control, and data are implemented as separate but integrated planes in NSX-T, each realized by agents, modules, and processes. Figure 1-30 shows Azure VMware Solution VMware NSX-T.

A diagram of the Azure VMware Solution VMware NSX-T architecture depicting two planes: the management plane with the NSX Manager cluster, and the data plane spanning private and public cloud.

Figure 1-30

Azure VMware Solution VMware NSX-T

Management plane: The management plane manages all management, control, and data plane nodes in the system and provides the single point of API entry into it. It also persists user configuration, handles user queries, and performs operational tasks.

The management plane manipulates and persists the user configuration. The control plane distributes that configuration to the data plane elements. Depending on where it lives, a given piece of data can belong to more than one plane. The management plane also queries the control plane, and sometimes the data plane directly, for status and statistics.

Only the management plane represents the true (desired) state of the configured logical system as set by the user. Changes are made through the NSX-T GUI or the RESTful API.

NSX-T Data Center can cluster managers to keep the APIs and user interface highly available. Load distribution and redundancy can be provided by an external load balancer or by the NSX virtual IP. Because the management plane and the central control plane are merged into this management cluster, administrators also have fewer virtual appliances to manage.

Control plane: The control plane carries the control messages for network virtualization. Its communication is isolated from the transport networks that carry data-plane traffic by running on separate, secured physical networks (management VLANs).

Based on the configuration in the management plane, the control plane calculates the runtime state. The control plane propagates topology information reported by the data plane elements by pushing the stateless configuration to forwarding engines.

NSX-T splits the control plane into two parts:

CCP: The central control plane. Cluster nodes of NSX-T Manager are used for CCP, providing redundancy and scalability. Logically, the CCP is separate from all data plane operations, so a failure in the control plane has no impact on existing data plane operations. Based on the configuration from the management plane, some ephemeral runtime state is computed by the central control plane. Information about data plane elements reported via the local control plane is disseminated through this plane.

LCP: The local control plane, running on the transport nodes. The LCP runs adjacent to the data plane it controls and connects to the CCP. It is responsible for programming forwarding entries, monitoring local link status, computing most of the ephemeral runtime state from updates received from the data plane and the CCP, and pushing stateless configuration to the forwarding engines. The LCP shares the fate of the data plane element that hosts it.

Data plane: It maintains packet-level statistics, reports topology information to the control plane, and performs stateless forwarding or transformation of packets based on control plane tables.

The data plane consists of the following:
  • The workload traffic itself, which flows between transport nodes over designated transport networks on the physical underlay

  • NSX-T’s virtual switch (N-VDS), which implements distributed switching, distributed routing, and the distributed firewall on each transport node
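As an added example (not code from the book or from VMware), the following Python builds the JSON body a management-plane client would PATCH to the NSX-T Policy API for a distributed firewall security policy, and lints it before anything is sent: an explicit default deny last, group references instead of raw addresses, logging on every rule. The resource fields follow the NSX-T Policy API; the policy id, group names, service names, and CIDR are invented, and nothing is transmitted.

```python
"""Build and lint an NSX-T Policy API payload for a distributed firewall
(DFW) security policy before PATCHing it to NSX-T Manager.

Added example, not code from the book or from VMware. Resource shapes follow
the NSX-T Policy API; policy id, group names and the CIDR are made up, and
nothing is sent. Once applied, the management plane persists the policy,
the CCP pushes it to the transport nodes, and the N-VDS enforces it per VNIC.
"""
import json

POLICY_API = "/policy/api/v1"
DOMAIN = "/infra/domains/default"        # NSX-T's default domain


def group(name):
    return f"{DOMAIN}/groups/{name}"


def service(name):
    return f"/infra/services/{name}"     # e.g. the predefined HTTPS service


def rule(rule_id, seq, action, sources, destinations, services,
         scope=None, logged=True):
    """One DFW rule. "ANY" is the wildcard for groups, services and scope."""
    return {
        "resource_type": "Rule",
        "id": rule_id,
        "display_name": rule_id,
        "sequence_number": seq,
        "action": action,                # ALLOW | DROP | REJECT
        "direction": "IN_OUT",
        "ip_protocol": "IPV4_IPV6",
        "source_groups": sources,
        "destination_groups": destinations,
        "services": services,
        "scope": scope or ["ANY"],       # which VNICs the rule is applied to
        "logged": logged,
    }


def security_policy(policy_id, rules):
    return {"resource_type": "SecurityPolicy", "id": policy_id,
            "display_name": policy_id, "category": "Application", "rules": rules}


def patch_request(policy):
    """(method, path, body): PATCH is idempotent in the Policy API."""
    path = f"{POLICY_API}{DOMAIN}/security-policies/{policy['id']}"
    return "PATCH", path, json.dumps(policy)


def _is_any(r, key):
    return r[key] == ["ANY"]


def lint_policy(policy):
    """Return a list of findings; an empty list means the policy passes."""
    rules = policy.get("rules", [])
    if not rules:
        return ["policy has no rules"]
    findings = []
    seqs = [r["sequence_number"] for r in rules]
    if seqs != sorted(seqs) or len(set(seqs)) != len(seqs):
        findings.append("sequence_number values must be unique and ascending")
    last = rules[-1]
    if not (last["action"] in ("DROP", "REJECT") and _is_any(last, "source_groups")
            and _is_any(last, "destination_groups") and _is_any(last, "services")):
        findings.append("last rule is not an explicit any/any DROP or REJECT "
                        "(the NSX-T default DFW rule allows traffic)")
    for r in rules:
        if not r["logged"]:
            findings.append(f"{r['id']}: logging disabled")
        if r["action"] != "ALLOW":
            continue
        if _is_any(r, "source_groups") and _is_any(r, "destination_groups"):
            findings.append(f"{r['id']}: ALLOW from ANY to ANY")
        if _is_any(r, "services"):
            findings.append(f"{r['id']}: ALLOW with services ANY")
        for ref in r["source_groups"] + r["destination_groups"]:
            if ref != "ANY" and not ref.startswith(f"{DOMAIN}/groups/"):
                findings.append(f"{r['id']}: '{ref}' is a raw address, not a group")
    return findings


def web_tier_policy():
    """Passes the lint: group-based allows on one service, then default deny."""
    return security_policy("app-web-tier", [
        rule("lb-to-web", 10, "ALLOW", [group("load-balancers")],
             [group("web-servers")], [service("HTTPS")]),
        rule("web-to-app", 20, "ALLOW", [group("web-servers")],
             [group("app-servers")], [service("HTTPS")]),
        rule("web-default-deny", 1000, "DROP", ["ANY"], ["ANY"], ["ANY"]),
    ])


def weak_policy():
    """Same intent as often written: raw CIDR, any service, no deny, no log."""
    return security_policy("app-web-tier", [
        rule("lb-to-web", 10, "ALLOW", ["10.0.0.0/8"], [group("web-servers")],
             ["ANY"], logged=False),
    ])


if __name__ == "__main__":
    print("good policy findings:", lint_policy(web_tier_policy()))
    for finding in lint_policy(weak_policy()):
        print("weak policy:", finding)
    method, path, body = patch_request(web_tier_policy())
    print(method, path, f"({len(body)} bytes)")
```

The lint runs against the desired state held by the management plane, which is the only place the configured intent is authoritative; checking the policy there, before the CCP distributes it, is cheaper than discovering an any/any allow in the data plane’s flow logs.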

Next, let’s discuss vRealize supported components in Azure VMware Solution. Azure VMware Solution tests and supports both on-premises and cloud versions of vRealize software. Here are the versions of vRealize that VMware and Microsoft tested when writing this book for deployments in on-premises datacenters:
  • VMware vRealize Operations Manager 8.3

  • VMware vRealize Automation 8.3

  • VMware vRealize Network Insight (vRNI) 6.1

Moreover, vRealize Operations Cloud, vRealize Automation Cloud, and vRealize Network Insight Cloud are supported. On-premises and cloud versions of the vRealize Log Insight software were not supported in Azure VMware Solution when writing this book.

Figure 1-31 shows a VMware vRealize Suite overview.

A block diagram depicting the cloud consumer’s private cloud with three VMware vRealize Suite components, labeled vRealize Network Insight, vRealize Automation, and vRealize Operations.

Figure 1-31

Azure VMware Solution VMware vRealize Suite

vROps offers intelligent remediation, predictive analytics, and AI/ML capabilities that enable self-driving IT operations management across private, hybrid, and multi-cloud environments.

vRealize Operations Manager is an operations management platform with which a VMware infrastructure administrator can monitor system resources, whether infrastructure-level (physical or virtual) or application-level. Each Azure VMware Solution private cloud includes a dedicated deployment of vCenter Server, NSX-T, vSAN, and HCX, and VMware administrators typically monitor and manage these private cloud components through vRealize Operations.

vRealize Automation supports connecting to Azure VMware Solution (AVS) and provisioning VMware workloads into it.

vRealize Automation (vRA) enables self-service clouds, multi-cloud automation with governance, and DevOps-based security and management. It helps improve IT agility, productivity, and efficiency so that cloud consumers are prepared for the future of their business.

In vRealize Network Insight Cloud, cloud consumers can add the vCenter Server and NSX-T Manager deployed in their Azure VMware Solution (AVS) private cloud as data sources. Native Azure components are not supported as data sources.

With vRNI, a cloud consumer’s network can be managed securely and confidently through intelligent application discovery, network optimization, analytics, and troubleshooting.

Next, let’s discuss VMware HCX components in Azure VMware Solution.

The VMware HCX platform enables seamless application migration across cloud consumer datacenters and Azure clouds, workload rebalancing, and business continuity.

VMware HCX on Azure VMware Solution allows seamless integration of on-premises vSphere vCenter environments with AVS deployments. By extending on-premises vSphere networks into Azure, HCX hybrid networking supports bidirectional virtual machine (VM) mobility. Figure 1-32 shows the Azure VMware Solution HCX.

An illustration of the Azure VMware Solution HCX: a closed loop with on-premises at one end and Azure at the other, in which the modern enterprise datacenter and AVS on Azure exchange information through the HCX hybrid interconnect.

Figure 1-32

Azure VMware Solution HCX

The following are various use cases that get addressed by VMware HCX:
  • Application migration: Virtual machines running on vSphere can be migrated between datacenters, on a schedule, without being rebooted.

  • Change platforms or upgrade vSphere versions: HCX can migrate workloads from vSphere and non-vSphere (KVM and Hyper-V) environments, across datacenters and clouds, to current vSphere releases without requiring an in-place upgrade.

  • Workload rebalancing: Rebalancing workloads allows customers to move applications and workloads across regions and cloud providers, thereby offering scaling, keeping costs down, and remaining vendor neutral.

  • Business continuity and protection: By replicating workloads across HCX sites, administrators can protect workloads. On-demand migrations are possible, or they can be scheduled for business or maintenance needs.

HCX from VMware includes a virtual management component and, depending on the license, up to five different types of VMware HCX Interconnect appliances. In VMware HCX, the source site should configure and activate services, and the destination site should deploy the virtual appliances as peers.

The following are five different types of appliances:
  • HCX-IX Interconnect appliance

  • HCX WAN Optimization appliance

  • HCX Network Extension Virtual appliance

  • HCX Sentinel Gateway appliance

  • HCX Sentinel Data Receiver appliance

Let’s explore each of them.

HCX Cloud and Connector Installer: An HCX source environment and an HCX destination environment are considered separately in the HCX site-to-site architecture. Each environment requires a different HCX installer: HCX Connector or HCX Cloud. HCX Connector is always used as the source. In cloud-to-cloud deployments, HCX Cloud is typically used as the destination. However, it can also be used as a source. Cloud providers deploy HCX Cloud, and tenants deploy HCX Connector on-premises if they are using HCX-enabled public clouds.

HCX operations pair source and destination sites.

The source and destination environments deploy HCX to the management zone next to the vCenter Server, providing a single plane (HCX Manager) for managing VMware HCX. This HCX Manager provides the framework for managing HCX service virtual machines across both the source and destination sites. Each VMware HCX task is authorized using the existing vSphere SSO identity sources. Mobility, extension, and protection actions can be initiated from the VMware HCX UI or the vCenter Server Navigator screen’s context menu.

With the NSX Data Center Enterprise Plus license (HCX for private-to-private deployments), a tenant can deploy both the source and the destination HCX Managers.

HCX-IX Interconnect appliance: The HCX-IX appliance is the replication and vMotion service appliance. It provides strong encryption and traffic engineering for virtual machine mobility to the destination site over the Internet or private lines.

The Mobility Agent service appears as a host object in vCenter Server once the HCX-IX appliance is deployed. It is the mechanism HCX uses to move virtual machines to the new location with vMotion, cold migration, and replication-assisted vMotion (RAV).

HCX WAN Optimization appliance: By applying WAN optimization techniques such as data deduplication and line conditioning, VMware HCX WAN Optimization improves the performance characteristics of private lines or internet paths. The onboarding process to the destination site is accelerated through internet connections without waiting for direct connect/MPLS circuits. Performance is closer to a LAN environment.

HCX Network Extension Virtual appliance: With HCX Network Extension, cloud consumers can extend Layer 2 networks at high throughput (4 to 6 Gbps per appliance) from environments that use vSphere distributed switches or VMware NSX. Extended networks let migrated virtual machines keep their IP and MAC addresses. Mobility Optimized Networking in HCX Network Extension eliminates traffic “tromboning” back to the source site between migrated virtual machines on different extended segments and virtual machines on native NSX-T networks at the destination.

HCX Sentinel Gateway appliance: Cloud consumers can migrate guest (non-vSphere) virtual machines from on-premise datacenters to the cloud with VMware HCX OS Assisted Migration (OSAM). A few components make up OSAM: HCX Sentinel software that runs on each virtual machine to be migrated, Sentinel Gateway (SGW) appliances that connect and forward guest workloads in the source environment, and Sentinel Data Receiver (SDR) appliances in the destination environment.

HCX Sentinel Data Receiver appliance: The HCX Sentinel Data Receiver (SDR) appliance receives, manages, and monitors data replication operations at the destination environment when used with the HCX Sentinel Gateway appliance.

The HCX Enterprise Edition for Azure VMware Solution is generally available.

Finally, let’s discuss Azure security and compliance in Azure VMware Solution.

Azure VMware Solution uses vSphere role-based access control (RBAC) for access and security. vSphere SSO can be integrated with Azure Active Directory (Azure AD) through its LDAP identity-source capability.
  • CloudAdmin is the role assigned to the local cloudadmin user built into the vCenter Server of an Azure VMware Solution private cloud. Its set of vCenter privileges differs from the CloudAdmin role in other VMware cloud solutions.

  • Using the local CloudAdmin user, administrators can add an Active Directory identity source to vCenter Server and then grant Azure VMware Solution permissions to Active Directory users and groups.

  • Cloud consumers do not have access to the vCenter administrator account of an Azure VMware Solution deployment; it is retained by Microsoft. vCenter administrators assign the CloudAdmin role to Active Directory users and groups instead.

  • Microsoft manages and supports specific management components that are not available to private-cloud users: the clusters, hosts, datastores, and distributed virtual switches.

  • Data-at-rest encryption is enabled by default on the vSAN datastores of Azure VMware Solution. A Key Management Service (KMS) provides the encryption keys and supports vCenter key management; the keys are encrypted and wrapped by a master key held in Azure Key Vault. If a host is removed from a cluster, the data on its SSDs is immediately invalidated.
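As an added example (not from the book, VMware, or Microsoft), the following Python audits a vCenter permission export from an AVS private cloud against the model described above: CloudAdmin is the customer role, it should be granted to groups from an approved identity source rather than to individual users, and the Administrator role is Microsoft-managed. The CSV layout mirrors the columns of PowerCLI’s Get-VIPermission output; the rows and the domain names CONTOSO and FABRIKAM are constructed.

```python
"""Audit vCenter permissions in an AVS private cloud against the CloudAdmin model.

Added example, not code from the book, VMware or Microsoft. It reads a CSV in
the shape of PowerCLI's Get-VIPermission output (Principal, Role, Entity,
Propagate, IsGroup); the sample rows below are constructed. The checks encode
the text: customers get the CloudAdmin role (ideally on AD groups from an
approved identity source), the Administrator role is Microsoft-managed, and
only approved identity-source domains should appear. Domain names are made up.
"""
import csv
import io

BUILTIN_CLOUDADMIN = "VSPHERE.LOCAL\\cloudadmin"   # the local user AVS provides
MICROSOFT_MANAGED_DOMAIN = "VSPHERE.LOCAL"         # Microsoft retains Administrator here

# Constructed export: one expected built-in grant per line, then three problems.
SAMPLE_EXPORT = """Principal,Role,Entity,Propagate,IsGroup
VSPHERE.LOCAL\\cloudadmin,CloudAdmin,Datacenters,True,False
VSPHERE.LOCAL\\Administrators,Admin,Datacenters,True,True
CONTOSO\\avs-cloudadmins,CloudAdmin,Datacenters,True,True
CONTOSO\\jdoe,CloudAdmin,Datacenters,True,False
FABRIKAM\\contractors,CloudAdmin,Datacenters,True,True
CONTOSO\\ops-breakglass,Admin,SDDC-Datacenter,True,False
"""


def parse_permissions(export):
    """Parse Get-VIPermission-style CSV; booleans and the principal's domain are normalized."""
    rows = list(csv.DictReader(io.StringIO(export)))
    for r in rows:
        r["Propagate"] = r["Propagate"].strip().lower() == "true"
        r["IsGroup"] = r["IsGroup"].strip().lower() == "true"
        r["Domain"] = r["Principal"].split("\\", 1)[0].upper()
    return rows


def audit(permissions, approved_domains):
    """Return (principal, reason) findings; an empty list means the grants look as expected."""
    approved = {d.upper() for d in approved_domains} | {MICROSOFT_MANAGED_DOMAIN}
    findings = []
    for p in permissions:
        principal, role = p["Principal"], p["Role"]
        if p["Domain"] not in approved:
            findings.append((principal, f"identity source {p['Domain']} is not approved"))
        if role == "Admin" and p["Domain"] != MICROSOFT_MANAGED_DOMAIN:
            findings.append((principal, "Administrator role is Microsoft-managed in AVS; "
                                        "customers use CloudAdmin"))
        if (role == "CloudAdmin" and not p["IsGroup"]
                and principal.upper() != BUILTIN_CLOUDADMIN.upper()):
            findings.append((principal, "CloudAdmin granted to an individual user; "
                                        "grant it to a group instead"))
    return findings


def report(export, approved_domains):
    """Convenience wrapper: parse an export and audit it in one call."""
    return audit(parse_permissions(export), approved_domains)


if __name__ == "__main__":
    for principal, reason in report(SAMPLE_EXPORT, ["CONTOSO"]):
        print(f"{principal}: {reason}")
```

Run periodically against a fresh export, this turns the access model in the bullets into a detection: any grant of the Administrator role to a customer principal, or CloudAdmin handed to an individual account, surfaces as a finding rather than sitting unnoticed in vCenter.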

Summary

In this chapter, you explored the fundamentals of cloud computing and Microsoft Azure, getting started with Azure VMware Solution, essential Microsoft AVS terminologies, and the framework of AVS building blocks.

In the next chapter, you will read about performing assessments and requirements gathering with Microsoft AVS.
