Accelerate edge deployments with cloud-managed infrastructure and Azure Stack HCI version 23H2
By Cosmos Darwin, Principal Group Manager, Azure Stack HCI
Today at Microsoft Ignite 2023 we’re announcing the public preview of Azure Stack HCI version 23H2. Azure Stack HCI is cloud-managed hyperconverged infrastructure that applies adaptive cloud principles to the full stack. With Azure Stack HCI, you can deploy and operate everything from hardware to applications using Azure Resource Manager and core Azure management services, unifying siloed teams around a common platform. New container-based applications can run alongside your existing virtual machines with Azure Kubernetes Service, and every workload is automatically Azure Arc enabled, making it easy to leverage cloud-based configuration, observability, and advanced security across all your resources.
Scale with the power of the cloud
In industries like retail, manufacturing, and healthcare, it’s common for physical operations to be spread across many edge locations. As digital transformation initiatives bring more computing into the store, factory, or clinic, managing the explosion of new technologies across thousands of locations can be overwhelming and expensive. Edge infrastructure that can be deployed quickly and managed centrally, with AI-enhanced tools that scale to thousands of resources, provides a powerful competitive advantage. With Azure Stack HCI version 23H2, core lifecycle operations like deployment, patching, configuration, and monitoring are performed entirely from the cloud, reducing the need for on-site tools and personnel.
Updating multiple Azure Stack HCI clusters with one click in Azure Update Manager.
Azure Stack HCI version 23H2 is easier to deploy at scale. When new machines arrive at an edge location with the OS preinstalled, on-site personnel only need to cable them, bring them online, and register each machine with Azure Arc. Everything else, including the cluster, storage, and networking configuration, is then deployed from the cloud, which keeps the time and expertise required on-site to the bare minimum. You can use the Azure portal to create an Azure Stack HCI cluster, or scale out with an Azure Resource Manager (ARM) template that you reuse for every edge location, supplying only the parameters that differ per site. This infrastructure-as-code approach makes it straightforward to keep Azure Stack HCI configured consistently across many locations, and to review the intended configuration before it is applied. Beginning with version 23H2, all Azure Stack HCI clusters are deployed from the cloud.
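The per-site rollout pattern described above, as an added example written for this page rather than code from the original post or from Microsoft: one shared template, a per-site parameter set, and a validation pass before each deployment. The template file name and the parameter names it declares (siteName, clusterName, nodeNames) are hypothetical placeholders, and the site inventory is constructed inline.

```powershell
# Added example (not from the original post): deploy one reusable ARM template
# to many edge sites from a site inventory, validating each parameter set first.
# Assumptions: 'hci-cluster.json' and its parameters (siteName, clusterName,
# nodeNames) are hypothetical placeholders for whatever your template declares.
# Requires the Az.Resources module and an authenticated session (Connect-AzAccount).

$templateFile = '.\hci-cluster.json'   # hypothetical template path

# Constructed sample inventory; in practice load this from a CSV or a CMDB.
$sites = @(
    [pscustomobject]@{ Site='store-0412'; ResourceGroup='rg-hci-store-0412'; Location='eastus'; Nodes='s0412-n1,s0412-n2' }
    [pscustomobject]@{ Site='store-0413'; ResourceGroup='rg-hci-store-0413'; Location='eastus'; Nodes='s0413-n1,s0413-n2' }
)

# Guard against copy-paste mistakes in the inventory before touching Azure:
# site IDs and node names must be unique across all sites.
$dupeSites = $sites | Group-Object Site | Where-Object Count -gt 1
if ($dupeSites) { throw "Duplicate site IDs: $($dupeSites.Name -join ', ')" }
$allNodes  = $sites | ForEach-Object { $_.Nodes -split ',' }
$dupeNodes = $allNodes | Group-Object | Where-Object Count -gt 1
if ($dupeNodes) { throw "Node names reused across sites: $($dupeNodes.Name -join ', ')" }

foreach ($site in $sites) {
    # Only these values differ per location; everything else lives in the template.
    $params = @{
        siteName    = $site.Site
        clusterName = "hci-$($site.Site)"
        nodeNames   = @($site.Nodes -split ',')
    }

    if (-not (Get-AzResourceGroup -Name $site.ResourceGroup -ErrorAction SilentlyContinue)) {
        New-AzResourceGroup -Name $site.ResourceGroup -Location $site.Location | Out-Null
    }

    # Validate first: Test-AzResourceGroupDeployment returns errors without deploying.
    $errors = Test-AzResourceGroupDeployment -ResourceGroupName $site.ResourceGroup `
        -TemplateFile $templateFile -TemplateParameterObject $params
    if ($errors) {
        Write-Warning "$($site.Site): template validation failed: $($errors.Message -join '; ')"
        continue
    }

    # Deploy as a background job so many sites roll out in parallel;
    # the timestamped deployment name keeps each run distinguishable in the portal.
    New-AzResourceGroupDeployment -Name "hci-$($site.Site)-$(Get-Date -Format yyyyMMddHHmm)" `
        -ResourceGroupName $site.ResourceGroup -TemplateFile $templateFile `
        -TemplateParameterObject $params -AsJob | Out-Null
}

# Wait for every deployment and report the outcome per site.
Get-Job | Wait-Job | Receive-Job | Select-Object DeploymentName, ProvisioningState
```

The validation step matters at scale: a parameter typo caught by Test-AzResourceGroupDeployment costs seconds, while a half-deployed cluster at a remote site costs a truck roll. Running a -WhatIf deployment first gives the same safety net when you want to see the planned changes rather than only validation errors.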
Cloud-based update management
Staying up to date is easier too. Azure Stack HCI version 23H2 introduces a new Lifecycle Manager that organizes all applicable updates into a single monthly package covering the OS, agents, services, and even drivers and firmware for participating hardware solutions. Lifecycle Manager ensures that your cluster always runs a software combination (or "recipe") that has been validated by Microsoft and our partners, reducing the risk of update issues or incompatibilities. Update management for Azure Stack HCI clusters is integrated with Azure Update Manager, providing a unified tool for all your machines across the cloud and the edge. You can check for updates and select one or multiple clusters to apply them to with just a few clicks in the Azure portal. Updates are rolled out with cluster-aware updating: each host is drained of its running VMs and other clustered roles, updated, and brought back into the cluster before the next host is touched, so applications and users see no downtime as long as the cluster has the capacity to absorb one host being out of service. Beginning with version 23H2, all Azure Stack HCI clusters are updated from the cloud.
Azure Monitor provides unified observability for apps and infrastructure across the cloud and the edge. This now includes logs, metrics, and alerts coverage for Azure Stack HCI version 23H2. There are over 60 standard metrics available for Azure Stack HCI, including processor and memory usage, storage performance, network bandwidth, and more. Azure Stack HCI health issues, like a failed disk or a misconfigured network port, surface as new platform alerts that you can customize to trigger notifications or actions. And Azure Monitor Insights, powered by Data Collection Rules and Workbooks, provides pre-built views to help you monitor specific features and scenarios, like storage deduplication and compression.
Central management for all your workloads
Most organizations find themselves managing a wide variety of applications: some container-based, others VM-based; some running in the cloud, others running at the edge. With Azure Arc and an adaptive cloud approach, you can leverage common tools and implement common operational practices across all your workloads, wherever they run. Azure Stack HCI version 23H2 provides all the Azure Arc infrastructure needed, set up automatically as part of deploying the host cluster, including the Arc Resource Bridge, Custom Location, and other agents and management components. This means that right out of the box, you’re ready to start provisioning Arc-enabled virtual machines, Azure Kubernetes Service clusters, and Azure Virtual Desktop session hosts.
Get started by deploying virtual machines, Kubernetes clusters, or Azure Virtual Desktop session hosts.
Many critical workloads run as virtual machines. Azure Stack HCI version 23H2 provides general-purpose VMs with flexible sizing and configuration options to meet your application requirements. You can bring your own Linux or Windows custom images or conveniently access ones from the Azure Marketplace. Use Azure Arc to define storage paths and logical networks, with support for static IP assignment or DHCP. Every new VM created through Azure portal, CLI, or an ARM template is automatically configured with the Connected Machine Agent for guest management including VM extensions like Microsoft Defender, Azure Monitor, and Custom Script, enabling consistent management for all your machines across the cloud and the edge. You can create new VMs or sign up to preview the new integration with Azure Migrate to move VMs from VMware or Hyper-V to Azure Stack HCI. Azure Arc-enabled VM management will reach general availability (GA) with version 23H2.
Azure Kubernetes Service
New applications are increasingly packaged as container images. Azure Stack HCI version 23H2 provides the Azure Kubernetes Service, a managed Kubernetes solution that runs locally at the edge. Azure Kubernetes Service is set up automatically as part of deploying Azure Stack HCI and includes everything you need to start deploying container-based workloads, including Linux and Windows container host images and storage and networking drivers. Azure Kubernetes Service runs its control plane in the same Azure Arc Resource Bridge as general-purpose VMs and uses the same storage paths and logical networks. Every new Kubernetes cluster provisioned through Azure portal, CLI, or an ARM template is automatically configured with the Azure Arc-enabled Kubernetes agents inside the cluster, so that cluster extensions such as Microsoft Defender, Azure Monitor, and GitOps for application deployment and CI/CD can be enabled from Azure.
Azure Virtual Desktop for Azure Stack HCI (preview)
Finally, Azure Stack HCI version 23H2 is ready to deploy virtualized desktops and apps. Azure Virtual Desktop is a desktop and app virtualization service with a cloud-hosted control plane managed by Microsoft. Azure Virtual Desktop provides the familiarity and compatibility of Windows 11 and Windows 10 with multi-session capabilities that increase density and reduce costs. With Azure Virtual Desktop for Azure Stack HCI, you can locate desktops and apps (session hosts) closer to users at the edge for lower latency, with optional GPU acceleration for demanding applications. Version 23H2 brings an updated public preview that offers host pool provisioning directly from Azure portal, simpler guest OS activation, and updated Marketplace images with Microsoft 365 apps preinstalled. Information about GA timing and pricing will be shared soon.
Advanced security made easy
The cyber threat landscape is rapidly changing, with attacks becoming more sophisticated and persistent. As digital transformation leads to more apps and infrastructure at the edge, it’s critical for organizations to leverage advanced security and stay ahead of attackers. Azure Stack HCI version 23H2 makes this easy with strong security defaults, native integration with Microsoft Defender for Cloud, and the option to protect virtual machines with Trusted launch.
Option to select Trusted launch security type when creating VM in Azure Arc.
Secure by default
All new Azure Stack HCI version 23H2 clusters are deployed with a hardened security posture. Building on the Secured-core server foundation, over 300 settings across the hypervisor, storage, and networking stack are applied with the Microsoft recommended values. This covers 100% of applicable settings in the Azure security baseline, twice the coverage of version 22H2. This means you can deploy with confidence even if you're not a security expert. Settings drift is detected and automatically corrected to maintain your intended posture over time. To protect against malware and ransomware, application control (Windows Defender Application Control, WDAC) is automatically enforced with a Microsoft-provided base policy that allows only the software Microsoft ships for the platform. You can allow additional host agents with supplemental policies: a supplemental policy adds allow rules on top of the base policy without modifying it, so your additions survive when the base policy is updated, and it should be tested in audit mode before being enforced.
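Building a supplemental policy for one extra host agent, as an added example written for this page and not code from the original post or from Microsoft. It uses the built-in ConfigCI cmdlets; the agent install directory, the local copy of the base policy XML, and the output paths are hypothetical placeholders.

```powershell
# Added example (not from the original post): build a WDAC supplemental policy that
# allows one additional host agent, without editing the Microsoft-provided base policy.
# Assumptions: the agent lives under 'C:\Program Files\ContosoAgent', and a copy of the
# deployed base policy XML is at 'C:\Policies\BasePolicy.xml'; both are hypothetical
# placeholders. Cmdlets are from the ConfigCI module that ships with Windows Server.

$agentPath     = 'C:\Program Files\ContosoAgent'            # hypothetical agent install dir
$basePolicyXml = 'C:\Policies\BasePolicy.xml'               # hypothetical copy of the base policy
$suppXml       = 'C:\Policies\ContosoAgent-Supplemental.xml'

# A supplemental policy must name the base policy it extends, by its BasePolicyID GUID.
[xml]$base = Get-Content -Path $basePolicyXml
$basePolicyId = $base.SiPolicy.BasePolicyID
if (-not $basePolicyId) { throw 'Base policy has no BasePolicyID; supplemental policies need a multiple-policy-format base.' }

# Scan the agent's binaries and generate rules at Publisher level: files are trusted by
# their signing certificate chain, so routine signed updates of the agent keep working.
# Fall back to file hash for anything unsigned, so the policy covers exactly what was scanned.
New-CIPolicy -FilePath $suppXml -ScanPath $agentPath -Level Publisher -Fallback Hash `
    -UserPEs -MultiplePolicyFormat

# Mark the policy as a supplement of the base (this also assigns it its own PolicyID).
Set-CIPolicyIdInfo -FilePath $suppXml -SupplementsBasePolicyID $basePolicyId -PolicyName 'ContosoAgent'

# Dry run first: rule option 3 is "Enabled:Audit Mode". In audit mode the code integrity
# engine logs what it would have blocked (event 3076 in Microsoft-Windows-CodeIntegrity/
# Operational) instead of blocking. Remove the option once the log is clean to enforce.
Set-RuleOption -FilePath $suppXml -Option 3

# Compile to the binary form the code integrity engine loads; the file name is the PolicyID.
[xml]$supp = Get-Content -Path $suppXml
$binPath = Join-Path (Split-Path $suppXml) "$($supp.SiPolicy.PolicyID).cip"
ConvertFrom-CIPolicy -XmlFilePath $suppXml -BinaryFilePath $binPath

Write-Host "Supplemental policy compiled: $binPath (supplements base $basePolicyId)"
```

Prefer Publisher-level rules over Hash rules wherever the agent is signed: a hash rule breaks on the next agent update and tempts operators into loosening the policy under pressure. Deploy the compiled .cip to the cluster nodes with the supplemental-policy cmdlets in the Azure Stack HCI documentation for your version, check the audit events after a few days of normal operation, and only then switch to enforcement.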
Integrated with Microsoft Defender for Cloud
Microsoft Defender for Cloud provides unified security tooling for all your resources across the cloud and the edge. In addition to workload protections for Kubernetes clusters and VMs, new built-in security recommendations provide coverage for your Azure Stack HCI infrastructure as part of the Cloud Security Posture Management plan. For example, if your hardware isn't configured for Secure Boot, if your clustered storage volumes aren't encrypted, or if application control isn't enforced, that information appears prominently in the Microsoft Defender for Cloud portal. You can also see the protection status of your host cluster, nodes, and workloads together in one view. This makes it easy to audit and remediate your security posture at scale, across tens to thousands of edge locations. Sign up to preview the new integration between Azure Stack HCI version 23H2 and Microsoft Defender for Cloud.
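A local version of the three host checks the paragraph above lists (Secure Boot, clustered volume encryption, application control enforcement), as an added example written for this page and not code from the original post or from Microsoft. It is useful when a node is offline from Azure, or to confirm a Defender for Cloud finding from the console of the node itself. The function name and the report shape are my own; the checks use standard Windows cmdlets and the Device Guard WMI class.

```powershell
# Added example (not from the original post): audit a cluster node locally for the
# three posture items the text names. Run elevated on an Azure Stack HCI node.
# The function name and output shape are my own; cmdlets are built into Windows.

function Get-HciPostureReport {
    [CmdletBinding()]
    param()

    $findings = [System.Collections.Generic.List[object]]::new()

    # 1. UEFI Secure Boot on the host. Confirm-SecureBootUEFI throws on legacy BIOS
    #    or when Secure Boot is unsupported; treat both as non-compliant.
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { $secureBoot = $false }
    $findings.Add([pscustomobject]@{ Check='SecureBoot'; Target=$env:COMPUTERNAME; Compliant=$secureBoot })

    # 2. BitLocker on every Cluster Shared Volume (mounted under C:\ClusterStorage).
    #    Both protection (key protectors active) and a finished encryption pass are required.
    $csvMounts = Get-ChildItem -Path 'C:\ClusterStorage' -Directory -ErrorAction SilentlyContinue
    foreach ($csv in $csvMounts) {
        $bl = Get-BitLockerVolume -MountPoint $csv.FullName -ErrorAction SilentlyContinue
        $encrypted = $bl -and $bl.ProtectionStatus -eq 'On' -and $bl.VolumeStatus -eq 'FullyEncrypted'
        $findings.Add([pscustomobject]@{ Check='CsvEncrypted'; Target=$csv.Name; Compliant=[bool]$encrypted })
    }

    # 3. Application control enforcement, read from the Device Guard WMI class.
    #    CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit only, 2 = enforced.
    #    Audit mode is not compliant: it logs would-be blocks but stops nothing.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $findings.Add([pscustomobject]@{
        Check     = 'AppControlEnforced'
        Target    = $env:COMPUTERNAME
        Compliant = ($dg.CodeIntegrityPolicyEnforcementStatus -eq 2)
    })

    return $findings
}

# Usage: print the report; a non-zero exit code lets a scheduled task or pipeline fail loudly.
$report = Get-HciPostureReport
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Compliant }) { exit 1 }
```

The application control check deliberately treats audit mode as a failure. Audit mode is the right place to start when adding supplemental policies, but a node left in audit mode has no application control protection at all, and that is exactly the kind of silent gap a posture scan should catch.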
Trusted launch for Azure Arc-enabled virtual machines
Trusted launch is a security option that hardens VMs against firmware and boot loader attacks such as bootkits: Secure Boot refuses to run boot components that aren't signed by a trusted authority, and a virtual TPM gives the guest a place to measure the boot chain and seal keys to it. Previously available only in Azure cloud, Trusted launch is now available at the edge with Azure Stack HCI version 23H2. You'll see a new option to select the security type when provisioning an Arc-enabled VM through Azure portal, CLI, or an ARM template. With Trusted launch, the VM gets a virtual TPM that can be used to protect keys, certificates, and secrets, enabling applications like BitLocker. It also gets Secure Boot enabled by default. Trusted launch VMs support automatic failover and live migration: vTPM state is seamlessly preserved when the VM moves between nodes in the cluster. Note that Trusted launch protects the guest's boot chain; it does not isolate the guest from the host in the way a confidential VM does. That is why we describe it as an important step in our journey to bring confidential computing to the edge.
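The check a practitioner wants after choosing the security type: confirm, from a cluster node, that a VM actually runs with Secure Boot on and a vTPM attached, rather than trusting the provisioning form. This is an added example written for this page, not code from the original post or from Microsoft; it uses the standard Hyper-V cmdlets that expose the VM's firmware and security settings, and the function name is my own.

```powershell
# Added example (not from the original post): from a cluster node, verify that VMs
# run with Secure Boot enabled and a vTPM attached, i.e. what Trusted launch sets up.
# Uses the standard Hyper-V cmdlets (Get-VM, Get-VMFirmware, Get-VMSecurity).
# The function name and output shape are my own.

function Test-VmTrustedLaunch {
    param([Parameter(Mandatory)][string[]]$VMName)

    foreach ($name in $VMName) {
        $vm = Get-VM -Name $name -ErrorAction Stop

        # Generation 1 VMs boot with legacy BIOS: no UEFI, no Secure Boot, no vTPM possible.
        if ($vm.Generation -ne 2) {
            [pscustomobject]@{
                VM = $name; Generation = $vm.Generation; SecureBoot = $false
                SecureBootTemplate = $null; vTPM = $false; TrustedLaunch = $false
            }
            continue
        }

        $fw  = Get-VMFirmware -VM $vm   # SecureBoot (On/Off) and the certificate template in use
        $sec = Get-VMSecurity -VM $vm   # TpmEnabled reflects whether a vTPM is attached

        $secureBootOn = ($fw.SecureBoot -eq 'On')
        $tpmOn        = [bool]$sec.TpmEnabled

        [pscustomobject]@{
            VM                 = $name
            Generation         = $vm.Generation
            SecureBoot         = $secureBootOn
            SecureBootTemplate = $fw.SecureBootTemplate
            vTPM               = $tpmOn
            TrustedLaunch      = ($secureBootOn -and $tpmOn)
        }
    }
}

# Usage: check every VM on this node and warn about those that do not meet the bar.
$results = Test-VmTrustedLaunch -VMName (Get-VM).Name
$results | Format-Table -AutoSize
$results | Where-Object { -not $_.TrustedLaunch } | ForEach-Object {
    Write-Warning "$($_.VM): Secure Boot or vTPM missing; provision with security type Trusted launch"
}
```

The SecureBootTemplate column is worth a glance as well: a Linux guest needs the Microsoft UEFI Certificate Authority template, while a Windows guest normally uses the Microsoft Windows template, and a mismatch shows up as a VM that will not boot rather than as a security warning. Inside the guest, Get-Tpm and Confirm-SecureBootUEFI give the same answer from the other side, and Enable-BitLocker with -TpmProtector is what turns the vTPM into disk encryption keyed to the boot measurements.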
Get started today
Try the 23H2 preview
You can preview Azure Stack HCI, version 23H2 right now. Follow the deployment guide and visit the Azure portal to get started. To facilitate evaluation, the preview works with real or virtual hardware, as long as your environment meets the prerequisites.
Use 22H2 for production
Please note that version 23H2 is not yet supported for production use. As with any preview, there are some limitations and known issues. Production customers should continue to use version 22H2 for now. Jumpstart your deployment with an Integrated Solution or browse the catalog to find hardware that meets your needs and budget.
Version 23H2 will become generally available (GA) in early 2024. It will initially be available for new deployments. Later in the year, most customers running Azure Stack HCI, version 22H2 will be able to update their cluster to version 23H2.