Join Bhargav Shukla for an in-depth discussion in this video, Azure Stack key concepts, part of Microsoft Azure Stack First Look.
- [Instructor] Microsoft Azure Stack is Microsoft Azure in your data center. It is made up of several components and services that work together to provide you with an experience similar to Microsoft Azure. Here is what the architecture of Microsoft Azure Stack looks like at a high level. Starting at the foundation, the hardware layer consists of network, compute, and storage components. The operating system, the hypervisor, and the Azure Stack components depend on these resources.
The hardware layer also provides the required capacity to offer services to the end users. The pre-built systems will be provided by Microsoft partners. Next up, the infrastructure control layer consists of controllers responsible for carrying out tasks for a specific set of services. For example, the network controller provides services such as configuration of virtual networks, load balancing, network address translation, and gateway services.
The controller interacts with infrastructure role VMs. Infrastructure role VMs aren't displayed in this illustration, and they're designed to be similar to an appliance, inaccessible to Azure Stack administrators. The infrastructure role VMs are essential to the creation and management of the Azure Stack environment and shouldn't be directly interacted with. The infrastructure deployment, builds, and workflows are an important part of the infrastructure control layer.
It is responsible for installing the required Azure Stack components on the underlying hardware. During normal operation of Azure Stack, it is also responsible for the patching and update process of the Azure Stack environment, including firmware management, operating system updates, and the build process when installing Azure Stack. It is important to note that when updating a multi-node Azure Stack environment, the operating system isn't updated by installing patches individually, but instead by replacing the operating system image, which includes all the required patches and other updates.
In single-node proof of concept deployments, any refresh to Azure Stack can only be applied by reinstalling Azure Stack from scratch. The resource providers are web services that provide a programmatic interface with the Azure Stack portal for users to carry out specific tasks such as creating a VM, and the infrastructure control components that carry out these tasks. Each included resource provider is responsible for a given infrastructure component, such as the compute resource provider, network resource provider, and storage resource provider, among others.
Lastly, the top-most layer, known as the resource manager layer, provides users and administrators with the management portal experience, as well as programmatic interfaces such as PowerShell or CLI. Administrators can manage the Azure Stack configuration, create offers, create tenants, and offer services. End users log in to the tenant portal and create and manage resources such as virtual machines, web apps, and so on.
Azure Stack is an offering available from a provider, whether it is an internal IT organization providing services to the business units, or a hosted service provider offering services to their customers. Azure Stack identifies the consumers by two roles, or personas: a cloud administrator and a tenant. A cloud administrator is the person responsible for configuring and managing Azure Stack. The cloud administrator creates and manages offers consumed by tenants, and manages related plans, services, quotas, and associated resources.
The cloud administrator is also responsible for managing the infrastructure, planning and managing capacity, responding to alerts, and addressing any underlying issues to ensure service delivery to the tenant. A tenant is the consumer of services offered by the cloud administrator. The tenant uses the Azure Stack tenant portal or automation tools, such as PowerShell, to access their services and to create and manage storage, web apps, virtual machines, and other resources they have subscribed to.
Managing authorized access to Azure Stack requires an identity management solution. Azure Stack supports using Azure Active Directory or Active Directory Federation Services as an identity provider. Azure Active Directory is Microsoft's cloud-based identity provider. For most hybrid deployments, Azure Active Directory is the preferred identity provider. Azure Active Directory is required if you plan to use marketplace syndication with Azure Stack.
For disconnected deployments of Azure Stack, where internet access may not be available or is restricted, Active Directory Federation Services can be used as an identity provider. Azure Stack includes its own Active Directory instance and ADFS. When you deploy services in Azure or Azure Stack, multiple resources are associated with the services being deployed. The resources include storage, network interfaces, network security roles, and more.
Azure Resource Manager provides a single interface to deploy, manage, and monitor the components deployed as a part of the service. Here's the Azure Resource Manager terminology you should familiarize yourself with. This terminology is also applicable to Microsoft Azure. A resource refers to a manageable item available through Azure Stack, and individual components such as a network interface card, a network security group, a virtual disk, or a storage account are examples of a resource within the Azure Stack environment.
Any dependencies between resources for a given service can also be defined in the template. Using an ARM template allows you to deploy services repeatedly and consistently using automation. Lastly, let me show you the hierarchy of the Azure Stack offering. A region in an Azure Stack deployment refers to a location where Azure Stack is deployed. An organization can deploy Azure Stack in multiple regions. Each region represents a unit of management and scaling boundaries for a given Azure Stack deployment.
As of Technical Preview 3 of Azure Stack, only a single region is supported and is automatically named local. Multiple tenants can consume services offered by the Azure Stack administrator. A subscription is how tenants can buy offers. A subscription can only be associated with a single offer and determines which plans and services tenants will have access to. A tenant can subscribe to multiple offers by creating multiple subscriptions.
An offer contains one or more plans that offer various services to the tenant. Administrators can create custom plans that allow them to group resources differently from base plans built into Azure Stack. Plans group one or more services offered to the tenant. The administrator can assign a quota for consumption of resources each service can consume. For example, the administrator can use a quota to restrict the amount of memory or storage a tenant can consume when creating virtual machines.
And the services represent the applications or virtual machines that a tenant can create for their use. Web applications, single-server databases, or a virtual machine that will host a custom or packaged application are examples of a service.