Save to My DOJO
Following on from our Azure Infrastructure as a Service (IaaS) webinar with Microsoft’s Thomas Maurer, in this article we run down 5 of the most important uses of Azure IaaS. On this page, you’ll also find the questions and answers asked by those that attended the live webinar broadcast. There were some fantastic questions asked and some really important aspects covered in the Q&A particularly around specific use cases that many using IaaS will encounter. However, before we go any further, let’s just define what IaaS and what it can do, for those who are new to the topic.
What is Azure IaaS?
Azure IaaS is an instant computing infrastructure operating with VMs running on Azure Compute and all its associated online infrastructure. This includes things like vNets, Network Security Groups, cloud storage….etc..etc. IaaS is most often compared to PaaS (Platform as a Service) in which the customer is simply consuming the core service needed and leaving the management of the individual components underneath to the cloud vendor. An example of PaaS in Azure would be something like Azure Web Apps, or Azure SQL.
Watch the Webinar: How to Supercharge your Infrastructure with Azure IaaS
If you want a better understanding of what Azure IaaS can do I strongly recommend you watch the free webinar How to Supercharge your Infrastructure with Azure IaaS presented by myself, Microsoft MVP Andy Syrewicze, and Thomas Maurer, Senior Cloud Advocate on the Azure Engineering Team. During the session, we covered several real-life applications that organizations can leverage Azure IaaS today. We chose to discuss IaaS over PaaS, because IaaS is often the first logical step that organizations take when first getting started with the cloud. The use-cases covered during that webinar include:
- Running Web Applications in Azure IaaS
- Creative Uses for Nested Virtualization in Azure
- Highly Available VMs in Azure IaaS
- How to Migrate an On-Premises VM to Azure
- Azure Files and Highly Available Storage for IaaS VMs
As these were covered during the webinar, we won’t be covering these listed use-cases in this article.
Note: The webinar page also includes a downloadable version of the presentation slide deck.
I this article, we’ll be covering 5 community suggested use-cases that we didn’t have time to cover during the webinar.
Let’s get started!
1. Active Directory Hosted in Azure in Azure IaaS and Azure AD
When I’m talking with folks about Azure, this is often a big one that I get. What to do with AD in Azure? Most operations folks will be quite familiar with the concept of running redundant domain controllers onsite to handle all things identity for their organization. While this model has served us well on-prem, that doesn’t instantly make it work in a cloud model.
Because of this, it’s important to really plan for what you’re looking for with AD. The simplest way I put it is two options:
- If you simply need offsite redundancy for an existing on-prem AD deployment, or you have a disjointed workforce and still want identity services in conjunction with traditional AD, spin up a small VM in Azure, configure VPN services, and replicate to it. Done.
- If you utilize Office 365 to date, you’re interested in some of the more advanced features in Azure AD such as password-less sign in, or you’re keeping your IaaS deployments separate from your on-premises stuff (from a security point of view) then use Azure AD.
With that said, this isn’t a one size fits all rule. Realistically, maybe the answer for your organization is a combination of the 2 options. We’ll be covering more about Azure AD and Identity services in Azure here on the Hyper-V blog.
Additionally, we’ve started a discussion thread on the Dojo Forums if you’re interested in discussing this use-case further.
2. Run an Application in an Azure Container Instance
Containers have started taking the industry by storm. Containers and Container Orchestration was a major development area for Microsoft this last year or two, so it didn’t surprise me to see this as a community interested use-case in our IaaS webinar.
While many IT Pros know you can run containers on-prem, many are surprised to hear you can quickly and easily spin up a container in Azure using Azure Container Instances. It’s simply a matter of pointing Azure at the relevant container image you want to use, pass your variables, and let it run.
To date, I’ve covered containers quite a bit on our MSP blog, and will be focusing on Azure Container Instance Specifically in a future post. Like the above AD focused use-case, we’ve started a discussion thread on this use-case as well. We’d love to hear your input.
3. 100% Virtual Office in Hosted in Azure (e.g. 10 Desktops and 1 or 2 Servers)
This was the community submitted use-case I hadn’t considered whatsoever. I was also excited to play it out once I read it as well. The idea here is to have a 100% cloud-based office. Virtual desktops in Azure along with Azure-hosted servers/services to support them. In this scenario, the only thing on-site, would be an endpoint or thin client to remote into the cloud office.
This is certainly doable and could be VERY beneficial for workforces that are spread out. You could use traditional Azure IaaS VMs, or look at some of the new services like Windows Virtual Desktop (WVD). Together these should serve all your compute needs
One thing that does come to mind is internet access. With a deployment like this, connectivity needs to have top priority. Contingencies and backup connections need to be in place in the event the primary connection goes down. An old saying from a buddy of mine comes to mind….. the cloud is great until you can’t get to it. That thought REALLY applies here. No internet, no office, so you’ll want to plan accordingly.
Like the above 2 options, we have a discussion thread setup on our forums. Again, we’d love to hear your thoughts and ideas on this use-case!
4. SQL Server Hosted in Azure IaaS
While this one didn’t make our top three, I did see quite a few mentions of it during our webinar. Mainly, what is the place of SQL running in an Azure VM, vs the SQL DB Service in Azure PaaS?
You would run SQL in an Azure VM, when you want to control the OS stack underneath SQL. Maybe you need that granular access. Maybe you need direct access to the backend. Maybe you want to manage your own patch and maintenance cycles. It these types of situations where you would want to avoid the PaaS model. The model also plays the best when integrating with on-prem systems, or if you want to start utilizing the cloud but maintain as close of similarity as possible with on-prem.
If you’re in a situation where you strictly need a SQL DB, and nothing else. Have a look at Cloud Database as a Service. The big benefit here is you don’t have to worry about the underlying OS and associated infrastructure. Keeping things as simple as possible.
5. Making Azure Work with an On-Premises vSphere Environment
For the 5th most popular use-case suggested by the community for our webinar, we had Azure interoperability with VMware.
Microsoft has put in a lot of work making sure that administrators using VMware on-prem can still take advantage of Azure Cloud Services. With Azure acting as an extension of your datacenter, many Azure services don’t even see the VMware part of your on-prem equipment. They just see the operating systems of your guest VMs.
As for migrations and moving things toward Azure from VMware, this is a highly supported action as well. In our webinar above, Thomas even spent a bit of time talking about migration from VMware to Azure VMs. So, check that out if you haven’t already.
The main thing here is just don’t assume it won’t work because it’s two different vendors. You’ll find that this situation is highly supportable and not too much of a headache at all.
Azure IaaS Webinar Q & A
Below is a full list of the questions asked during the How to Supercharge your Infrastructure with Azure IaaS webinar and their associated answers.
NOTE: If we missed your question or you have a new question about this topic, let us know in the comments below, or let us know on the Dojo Forums if it’s a more involved question!
Q. In your opinion, what is the best advice for an organization just getting started with Azure?
A. Take it slow. Unless there is a burning business need for it, there typically isn’t anything forcing you to move to Azure today. Start with the easy stuff like simple web-apps, offsite backup storage…etc..etc and go from there once your comfortable.
Q. About HA in Azure, the VMs need to have the same “role”? What do you suggest when you need HA for a single VM?
A. Availability Zones and Sets in Azure simply insure that your VMs are not contained within the same defined fault domain in an Azure region. This prevents failure of any fault domain affecting all the VMs in your availability set/zone. You still need to take the steps necessary to cluster your application across multiple VMs.
Q.How would I go about load balancing multiple web server VMs in Azure?
A. Azure has built in load balancer services. For more information see this link!
Q. For companies using Azure Stack, can it be added as a region also? Would it make sense?
A. Azure Stack is not just a new region, it is a new cloud. Thing about it like you would think about Azure Government, Azure China, and the public Azure Cloud. It’s completely separate, but you could still deploy apps on Azure and Azure stack combined.
Q. So with Nested Virtualization, I could backup an entire Hyper-V host and restore it to Azure along with it’s VMs?
A. Kind of. While you wouldn’t be able to restore the host, you could provision a nested Hyper-V host in Azure and recover your VMs to it! You have to manage the virtual networking from the nested hyper-v instance out to the Azure networking fabric, but that’s very doable.
Q. Are Azure Files accessible directly from IaaS? Or is it accessed over public IP PaaS?
A. You attach an Azure IaaS VM to Azure Files just like you would any other server. On-Prem or otherwise.
Q. Can Azure Files have ACLs integrated with Azure AD?
A. Sure can, it’s currently in public preview! More information here!
Q. Does Azure Files effectively replace on-prem file shares?
A. I don’t think on-prem file shares will go away completely. Remember, some applications still have certain latency requirements that Azure files wouldn’t be able to provide.
Q. Can Azure File Sync be used to replace a local file server completely for an SMB?
A. With file sync, you will still have a file server, but it is synced to the cloud. For a small business, I would suggest you look at Office 365 and Sharepoint Online.
Q. Is it possible to connect a Database VM in IaaS, with an application hosted in PaaS?
A. Yes! You can do this over a vNet
Q. Do you recommend a file server hosted on an Azure VM with a VPN connection?
A. You could certainly do this and it would work and is supported. Azure Files would likely fit a large number of use cases as well.
Q. What is the easiest way to migrate SBS 2011 services to Azure?
A. Azure Migrate should help with this.
Q. Do you have any resources to help with Azure Pricing? The Calculator is confusing!
A. You are correct. The calculator has a TON of information in it. If you want a bit of assistance, including some examples, we covered pricing a little in one of our recent eBooks. It’s written from a service provider stand point, but should be helpful even if you don’t fall into that camp.
Q. What About Encryption in Azure and BYOK?
A. Take a look at Azure Key Vault.
Q. Being in an Azure Environment wouldn’t it make the most sense to use Azure Backup?
A. Azure Backup has some major limitations in how you can schedule and store backups. Additionally, there is some specific criteria around the amount of data to be backed up, the number of restore points…etc..etc. Many organizations like to conduct backup/restore operations under the umbrella of their existing backup vendor.
Q. What happens to your SLAs if you don’t select premium storage?
A. The uptime percentage will be lower.
Q. Are the SLAs in Azure Government Different?
A. I’ve not seen or heard anything that states they are different from that of the normal Azure Public cloud. More documentation on Azure Government here. Additionally, I’d ask your rep for more up to date information on the SLAs specifically.
Q. Would you still use Availability Sets with Availability Zones?
A. They really protect against two different issues. An Availability set protects against failures within a datacenter, while an Availability Zone protects against a datacenter failure within an Azure region.
Q. What is the RTO for an unplanned downtime in Azure?
A. The SLAs and associated downtime are defined per service in Azure. The details are provided in the documentation for each service.
Q. Does Azure Migrate allow you to select where the workload goes?
Q. Do Availability Sets also help with load issues?
A. Availability Sets are more about HA and uptime. They are designed to protect you from equipment failure inside of Azure and not designed to address load concerns.
Q. For Availability Sets, I have to pay for 2 VMs correct?
A. This is correct. At least 2. If your application requirements call for more than 2, you’ll have to pay for more than two. The Availability sets just ensure fault domain separation
Q. Is scaling down storage in Azure possible?
A. Yes. The flexibility/ability to scale up as well as down is one of the most popular features in Azure.
Q. Are Azure File shares public?
A. They can put access limitations in place to suit your needs
Q. How would I go about accessing a VM hosted application in Azure that isn’t web-based?
A. You could use Site-to-Site, or Point-to-site VPNs for this, or one of the other direct connection networking features like an express route.
Q. Is it possible to host a backup domain controller in Azure to support our on-prem DC?
A. Sure! This is a great use-case. You could then access it via VPN or another connectivity option.
Q. Is there a way to test out Azure without having to provide payment details?
A. Take a look at Microsoft Learn. They provide some labs that will actually provide some dedicated free Azure resources for you to work with.
Q. Can you Access Azure Files from on-prem workstations?
Q. What is used as a firewall for Azure?
A. For IaaS VMs this would be the Network Security Group. More info on that here.
Q. Do you see Azure Virtual Desktops as a financially competitive option compared to an on-prem RDSH setup?
A. Possibly. We’ll have to wait until virtual desktop is out of preview to get a good idea on the pricing and performance before we can make that determination.
While we covered each use-case briefly, be sure to check out the applicable forum threads, or let us know what IaaS application you think should be on this list in the comments section below. We’ll be using the feedback gathered here to fashion and prepare more comprehensive materials to surround these technologies for future articles. Help us help you!
If you haven’t done so already, don’t forget to watch the IaaS Azure webinar!
Thanks for reading!
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!