Kubernetes applications can now exploit the cluster and virtualisation technologies that power Azure Stack HCI while still respecting local data.
Microsoft is a firm believer in the idea of a hybrid cloud, one that spans everything from microcontrollers at the edge of the network to its hyperscale Azure service. It’s a model that’s led to the company offering its own server hardware and partnering with leading vendors to deliver edge hardware under the Azure Stack brand.
While Azure Stack may use the Azure name, it’s not running the same software as Microsoft’s own cloud data centres. However, it’s ‘Azure-consistent’, offering many of the same APIs as the Azure platform and integrated with the Azure Portal management tools. That model is the same whether you’re dropping a rugged Azure Stack Edge server at a remote site or setting up a small datacentre with the software-based Azure Stack HCI clustering platform.
A private cloud on the edge
Azure Stack HCI is one of the more interesting pieces of the Azure Stack portfolio, bringing Azure much closer to what we think of as traditional Windows servers. Unlike the more tightly controlled Microsoft Edge products and the at-scale multi-rack Azure Stack Hub, it’s a software distribution intended to run on certified servers, and as such offers low-level hardware and OS management through the Windows Admin Center as well as the Azure Portal.
The latest release of Azure Stack HCI brings Microsoft’s hyper-converged Windows Server closer to Azure and the rest of the Azure Stack family. It adds support for more than managed storage and virtual machines, bringing in the application-focused Azure Arc as a way of managing the applications on your clusters and the resources they use.
At the bottom of Microsoft’s modern server stack is the Hyper-V hypervisor. It’s proven to be reliable, powerful, and secure, forming the basis of much of Microsoft’s modern security architecture, from protecting log-on processes to securing web pages and downloaded documents. Azure Stack HCI builds on top of Hyper-V, hosting both Windows and Linux virtual machines and, through the Windows Docker tools, containers. With Hyper-V, Azure Stack HCI can build the dense application-specific clusters of virtual machines needed to work effectively with its pooled storage and manage virtual networks, taking advantage of the same model as Azure’s infrastructure-as-a-service, with access to Azure’s gallery of virtual machines and appliances.
Azure Stack HCI, Azure Arc and Kubernetes
Bringing Azure Arc into Azure Stack HCI makes a lot of sense. Azure has long been about abstraction from physical infrastructure. Its massive data centers are invisible to the end user, and all you need to do is pick a VM type, connect it to storage, and run your applications. At the heart of Azure’s model is ARM, the Azure Resource Manager, and its associated templates for describing and automating the resources used by applications on Azure. Like most infrastructure-as-code tools, it helps define and deploy resources, and you can build complex application descriptions in your ARM templates.
Azure Arc uses ARM to set up and manage virtual infrastructures on supported platforms, and with Azure Stack HCI integration, it’s now the preferred tool for building and deploying hyper-converged applications. System administrators can use Windows Admin Center to manage the host OS and hardware, while service administrators can build ARM templates for virtual machines and services, with application admins using Azure Arc to deploy and monitor running services.
Virtual Machines are only part of the Azure Arc story, as it also helps deploy and manage Azure-consistent databases and Kubernetes applications running on the Azure Kubernetes Service (AKS). Microsoft recently announced that it would be bringing AKS to Azure Stack HCI, using Azure Arc as a management tool. It’s a model that makes a lot of sense: AKS is a managed Kubernetes platform that’s compliant with Kubernetes standards, so any Kubernetes application will run on it.
Alongside core Kubernetes, AKS adds features like Virtual Kubelets, which make it easier to manage scaling — an approach that fits well with hyperconverged architectures. Azure Arc’s Kubernetes application management sits on top of Kubernetes, deploying from git-based code repositories when code changes as part of a GitOps model.
Getting started with AKS on Azure Stack HCI
By using GitOps and working with AKS, you’re getting an Azure-consistent distributed application model across your Azure Stack HCI servers. You start by deploying AKS from Azure, using the Windows Admin Center (or PowerShell) to manage your running Azure Stack HCI system, adding its resources to your cluster. Once AKS is up and running, and you configure Azure Arc with your repository endpoints, Azure Arc will add its management agents to your AKS instance, ready to deploy and manage both Linux and Windows containers (as separate Windows or Linux hosts, or hybrid hosts supporting both).
Your Windows Admin Center will need to be connected to Azure in order to manage Azure Stack HCI’s AKS tooling. This is used to set up the AKS host, along with managing a local library of VM images for running AKS. Once the basic installation is in place you can start to add a cluster, using a Windows Admin Center wizard, integrating it with Azure services for monitoring and with Azure Stack HCI storage pools.
You don’t need to use Azure Arc to run AKS-hosted applications, but it does simplify deployment and integration with your build pipeline. If you prefer to use the Kubernetes command line or its built-in dashboard, you can deploy manifests to load container images and set up your applications from any container registry. Integration with Azure Monitor helps manage scaling, alongside AKS’s built-in failover and scaling services.
Added security with Hyper-V
Because AKS runs on top of Hyper-V there’s an additional level of security for your containers: you can use Microsoft’s hypervisor-based container isolation to keep your clusters isolated from each other, even on the same hardware. This way, distributed applications that require confidential data can run alongside your line-of-business applications without leaking data. Azure Arc’s integration with Azure Lighthouse allows MSPs to manage AKS applications remotely, letting you outsource management expertise as necessary.
By making Azure Stack HCI part of its vision of a hybrid cloud, Microsoft is bringing cloud development and deployment tools to your on-premises data centre and to the edge of your networks. Adding AKS (and Azure Arc support) makes a lot of sense, with Kubernetes applications able to take advantage of the underlying cluster and virtualisation technologies that power Azure Stack HCI while still respecting local data. With new packaging technologies allowing businesses to wrap up Kubernetes applications for distribution and sale, it’s a set of technologies that you might not be using today, but certainly will be using in the next five years.