Episode 3: Five Things You Can Do with Azure Stack HCI
- Remote Office / Branch Office
Whether you’re in a small retail location with minimal room for hardware or you’re 5000 feet up in the mountains, Azure Stack HCI has multiple solutions to fit your needs. Constrained by budget or space? Start with a single-node deployment and scale to more nodes later. Need to deploy something ruggedized and can run cloud-native workloads? Both options are available with Azure Stack HCI!
- Azure Kubernetes Service on Azure Stack HCI
Running Kubernetes on-prem has been a hair-pulling experience for years now. While most admins scoff at the thought of running their own K8s deployment, especially on-prem, the reality is not everything belongs in the cloud. If data sovereignty, data gravity, or just outright latency are concerns of yours, you can spin up multiple AKS clusters on your Azure Stack HCI hardware with just a few clicks. And if you need to do heavy GPU workloads, but don’t have connectivity to the public cloud, AKS on HCI has GPU deployments in the roadmap.
- Fancy & Cheap File Storage
One of the more interesting advantages of running Azure Stack HCI is the shift to a monthly subscription model for licensing the OS itself. While it’s not a full-blown OS like traditional Windows Server, its bread-and-butter is running VM workloads and hyper-converged storage. And that means you can run Linux VMs on it without the need for additional Server licensing! If you come from a shop that uses GlusterFS or TrueNAS, this opens up the possibilities of running scalable file server VMs on certified hardware without the normal cost of a Windows Server license. Until scale-out file servers become a native “first-class” citizen in the Azure Stack HCI ecosystem, this is a great workaround.
- PAWS & Azure Virtual Desktops for Azure Stack HCI
If you’re unfamiliar with PAWS (Privileged Access Workstations), this is a must-have for any administrator who is touching sensitive fabric. The easiest way to implement a PAWS environment is to spin up some VMs or dedicated hardware, put it behind a firewall, limit access to a set of special credentials, and poke a few special firewall holes to IPs/ports you need. However, in today’s day and age, this is not enough, and Azure Virtual Desktops for Azure Stack HCI can help solve these problems! AVD is tightly coupled to Azure Active Directory, and with that, you get all the wonderful security tools such as Conditional Access Policies and Privileged Identity Management (a form of JIT). To avoid a threat actor from compromising a set of credentials, you can require your elevated users to PIM before logging in, force them to MFA, and require them to be accessing from a known IP range. The possibilities can be as restrictive as you want.
- VM Self Service
The obvious advantage to VM Self Service is the ability to have users create VMs via Azure Portal or ARM Templates and it be deployed to your own data center. From there, you can start to get really creative with what those VMs can do. Perhaps you want to have your software developers code in a specific environment that gets updated every week with build artifacts. Maybe you deploy large environments to Azure that run SQL, IIS, and a virtual network appliance, but want to have a cheaper way to do UAT testing on-prem . Now you can do that!