Azure Stack is here, What’s Next? – Part II: Understanding Azure Stack IaaS Features
Continuing the articles related about understanding the Azure Stack components and features (previous article: “Consumption Model vs Capacity Model”), in this post the idea is to cover the Infrastructure as a Service (IaaS) components available.
As we already know, Azure Stack is intended to be the Azure instance in your datacenter, but even though they are using the same code, there are still some disclaimers to consider regarding Azure features available in Azure Stack. Also the intention in this article is to provide easy and quick comparison charts between Azure Stack vs Azure components.
Not all the components described in this article will be IaaS per-se, I’m separating the services in different articles for practical purposes. What I’ll cover in this article is:
-
Azure Stack Virtual Machines: Understanding disclaimers, expand the concepts about VMs Extensions and the comparison with public Azure.
-
Azure Stack Networking: Reviewing Virtual Networks, Load Balancer and VPN Gateways features; including their considerations and the comparison with the public Azure versions.
-
Azure Stack Storage: Understanding what are the components within Azure Stack storage, considerations and a table comparing with Azure.
-
Azure Stack Marketplace: Reviewing the Marketplace available, integration capabilities with Azure and the existing considerations.
For deeper dives into detailed features available in the GA version of Azure Stack, please review my previous article: “Azure Stack Is Here! Development Kit (Single-Node) Free Download Available and More”.
Also more details about Azure Stack pricing available here: “Azure Stack Final Pricing Available, Disconnected and Fixed Fee Model Confirmed”.
Azure Stack Virtual Machines
Offering Virtual Machines is, as we all know, the main concept for “Infrastructure as a Service” (IaaS). The public Azure version has over 20 (to this date) different VM types, which translates in several more different sizes within VM types; Azure Stack has a reduced version of those sizes.
Here are some important disclaimers about Azure Stack VMs to consider:
-
Virtual Machine sizes in Azure Stack are consistent with those found in Azure and custom sizes are not supported. Tables below show details about sizes and specs.
-
As reviewed, not all sizes are present but more will be added in future updates. It is also expected that Azure Stack will not have certain sizes available (very small or very large VMs).
-
Azure Stack will not ship with base OS images in the gallery, those must be imported or obtained through Marketplace.
-
In single-node POC (included in Azure Stack Development Kit), a single fault domain and upgrade domain are provided.
-
Some current and legacy distributions of Linux which ship with the Azure Agent codebase may have an incompatible version of the Azure Agent.
In the Dell EMC blog, there’s an interesting article written by Paul Galjan, regarding IaaS and Azure Stack. The interesting discussion relies on a comment made about a Microsoft Program Manager: “Azure Stack is not a virtual machine dispenser”.
Before generating a confusion with that statement, the intent of that comment is related about if you just need to provide virtual machines and nothing else, there are probably more efficient ways to deliver that instead of Azure Stack. The solution is intended to provide much more than a “virtual machine dispenser”.
Azure Stack Virtual Machine Extensions
Virtual machine extensions is a component highly used in Azure, basically the extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. There are common extensions available to allow simple tasks as resetting administrator’s password or deploy an anti-virus; or more complex ones like implementing a Docker configuration.
The possibilities for tasks to execute are pretty much infinite since the extension for “custom script” is available, where you can integrate it with ARM templates, Azure CLI, PowerShell or the REST API.
In Azure Stack, here’s the list of current VM extensions available (more extensions expected to be available in future updates):
-
AzureLogCollector: Used to collect logs from one or more VMs.
-
BGInfo: SysInternals tool that writes useful server information to the desktop as a wallpaper.
-
CustomScriptExtension: Executes custom scripts as part of the deployment.
-
JsonADDomainExtension: Extension to join a VM to a specific domain.
-
VMAccessAgent: Several activities can be executed with this extension, like resetting passwords or adding a new user.
-
CustomScriptForLinux: Executes custom scripts in a Linux VM.
-
OSPatchingForLinux: Extension to provide OS patching within Linux VMs.
-
VMAccessForLinux: Provides several activities like resetting passwords or adding new user in Linux VMs.
-
DockerExtension: Allows installs and configures the Docker daemon, Docker client, and Docker Compose.
-
DSC: Applies Desired State Configurations to a VM.
-
IaaSAntimalware: Enables Microsoft Antimalware for Azure feature to provide real-time protection.
-
IaaSDiagnostics: Enables monitoring and diagnostics capabilities.
-
MicrosoftMonitoringAgent: Configures VM monitoring.
-
SqlIaaSAgent: Automates SQL activities.
Azure Stack VMs Extensions available:
Azure Stack Virtual Machines vs Public Azure Virtual Machines
As a quick overview let’s take a look for a comparison between Azure Stack VMs and Public Azure VMs:
In case you were wondering the specifics on the resources available on each of the VMs for Azure Stack, here it is:
Azure Stack Networking
In the Azure Stack Networking world, we’ll cover here the Virtual Networks, Load Balancers and VPN gateways.
Azure Stack Virtual Networks
Virtual Networks in Azure Stack is the simple representation of physical network and a logical unit of isolation.
Here are some disclaimers about Azure Stack Virtual Networks to consider:
-
Virtual Machine network speeds are not configurable within Azure Stack.
-
Standard public-facing DNS URIs for standard services must be handled manually.
-
For Network Security Groups (NSGs, network rules to allow or deny traffic) and User Defined Routes (UDRs, manual routes created), some keywords which are specific to Azure may not be available.
-
The ability to add User Defined Routes (UDRs) to Gateway subnet is not part of the initial release.
-
Network Virtual Appliances (NVAs, used to control the flow of network traffic) with modified versions of the Azure Agent may not function properly in Azure Stack.
-
IPv4 is only supported at this time (IPv6 support will be supported in a future release).
-
Features such as Traffic Manager, App Gateway, and ExpressRoute will not be available in the current release of Azure Stack.
Azure Stack Load Balancer
The Azure Load Balancer represents the service to provide high availability and network performance to applications integrated with this component. An Azure Load Balancer is a Layer 4 (TCP, UDP) load balancer that distributes incoming traffic among healthy instances of services defined in a load-balanced set.
We can use this component to load balance Internet traffic to a VM; traffic between VMs; between VMs and cloud services; between on-premises devices and cloud VMs; or forward external traffic to a specific VM.
There are two considerations around Azure Stack Load Balancers:
-
This feature is expected to generally work the same as Azure and Windows Server 2016 today
-
The Load Balancer feature uses the Windows Server 2016 Network Controller
Azure Stack VPN Gateways
A Virtual Network gateway is used to send network traffic between Azure Virtual Networks and on-premises locations and also between virtual networks within Azure Stack (VNet-to-VNet). Each virtual network can have only one Virtual Network gateway.
Here are some considerations regarding VPN Gateways in Azure Stack:
-
VPN from Azure Stack-to-Azure Stack and Azure–to-Azure Stack is supported with public IPs.
-
Azure VPNs are not officially supported through NAT.
-
ExpressRoute is not supported however Site-to-Site VPN is available.
-
The VPN Gateway will not support L3 and GRE gateway in this Azure Stack release.
-
Most recent Azure features released will not be available in the current release of Azure Stack (for example, network peering and network diagnostics).
Azure Stack Networks vs Public Azure Networks
Here’s a comparison chart for the networks between Azure Stack and Public Azure:
Introducing iDNS in Azure Stack
Since Azure Stack could be represented as a segment network separated from the public cloud and/or the on-premises environment, Microsoft included the Internal DNS feature (iDNS) feature. This concept originally appeared in Windows Server 2016 in the Software Defined Network (SDN) definition.
In Azure Stack, iDNS allows you to resolve external DNS names and internal virtual network names. Customers can still bring their own DNS servers into the environment, but if the requirement is just to resolve Internet DNS names and connect to other virtual machines in the network, iDNS can do the trick.
It is a cost-effective solution since you don’t need to deploy your DNS servers and additionally you don’t have to expose these servers to malicious attacks.
Azure Stack Storage
Azure Stack storage was built with the same principles than Windows Server 2016 Software-Defined-Storage (SDS). The storage components we can find in Azure Stack are: Blobs (what we usually use as the OS or data disks in VMs), Tables (NoSQL key-attribute data store for fast access to large quantities of data), and Queues (letting cloud software communicate via messages).
Here are some considerations about Storage in Azure Stack:
-
A single region is supported.
-
Locally Redundant Storage (LRS) is the only supported availability model.
-
Premium Storage is supported at the API level (including template support for Premium Storage).
-
The transaction data in storage metrics does not differentiate internal or external network bandwidth.
-
The transaction data in storage metrics does not include virtual machine access to the mounted disks.
Initially it was expected that Azure Stack in GA was not going to include Storage metrics features available, but eventually it ended up included. Here’s the reference about the cmdlets available in Azure Stack related to storage and includes metrics: “AzureRM.AzureStackStorage”.
Azure Stack Storage vs Public Azure Storage
Here’s a comparison chart for the storage between Azure Stack and Public Azure:
Azure Stack Marketplace
The Marketplace is virtual store and portal containing certified, open source, and community software applications, developer services, and data which are pre-configured to run in Microsoft Azure Stack.
The ideal scenario is to integrate the Azure Stack Marketplace with Azure’s Marketplace, so available and compatible items for Azure Stack are available and can be implemented easily.
There’s a list of Marketplace items available for Azure Stack that is updated constantly: “Azure marketplace items available for Azure Stack”.
The Azure Stack Marketplace also has some considerations:
-
It should not be expected that all Azure Marketplace Images and VMExtensions will be present in Azure Stack.
-
Azure Stack will have a syndication service which will allow for specified images and VMExtensions to be downloaded and included in Azure Stack deployments.
-
Each ISV needs to mark images as “Azure Stack Capable“. If you wish to deploy a solution with dependencies, it should be developed and deployed as a “self-contained” image.
In the following article, I’ll make a review about the PaaS services available in Azure Stack, their considerations and the comparison between public Azure.
Categories: Azure, Azure Stack, Yada Yada Cloud