Common questions about Azure VMware Solution

As enterprises pursue IT modernization strategies to improve business agility, reduce costs, and accelerate innovation, hybrid cloud platforms are key enablers of customers' digital transformation. Azure VMware Solution combines VMware's Software-Defined Data Center (SDDC) software with Microsoft's Azure global cloud service ecosystem. In addition, Azure VMware Solution meets performance, availability, security, and compliance requirements. For more information, see What is Azure VMware Solution.

The service is continuously being added to new regions. For details, see the latest service availability information.

Microsoft delivers support for Azure VMware Solution. You can submit a support request. For Cloud Solution Provider (CSP) managed subscriptions, the first level of support provides the Solution Provider in the same fashion as CSP does for other Azure services.

All Azure services are available to Azure VMware Solution customers. Performance and availability limitations for specific services should be addressed on a case-by-case basis.

You can find information about guest operating system compatibility with vSphere by using the VMware Compatibility Guide. To identify the version of vSphere running in Azure VMware Solution, see VMware software versions.

Updates made follow Microsoft Azure's standard change management process. Customers are responsible for any workload administration tasks and the associated change management processes.

With the new Azure VMware Solution, Microsoft and VMware have a direct cloud provider partnership. Microsoft designed, built, and supported the new solution. The solution is endorsed by VMware. Architecturally, the solutions are consistent, with the VMware technology stack running on a dedicated Azure infrastructure.

Any hosts with disk issues are replaced. It rolls up to 99.9 SLA availability of the Azure VMware Solution service.

For general questions on pricing, see the Azure VMware Solution pricing page.

VMware HCX Enterprise is available on Azure VMware Solution at no other cost and is enabled by default.

Traffic in the Azure VMware Solution ExpressRoute circuit isn't metered. No billing for any Azure VMware Solution ExpressRoute circuit, or for Global Reach charges between Azure VMware Solution private clouds. This scenario includes Azure VMware Solution to on-premises, other than standard egress charges for traffic from your Azure ExpressRoute circuit connection to your on-premises site from Azure. These fees are charged according to Azure ExpressRoute pricing plans with the Metered Billing Model. If you're using the Azure ExpressRoute Unlimited Billing Model, egress traffic isn't charged.

• Azure VMware Solution to Azure Virtual Network is through an internal ExpressRoute circuit and is free of cost, regardless of region location (same region or cross-region).

• Azure VMware Solution to on-premises site is done through Azure Virtual Network or ExpressRoute Global Reach (between the internal ExpressRoute and external ExpressRoute). It's still free aside from the standard egress charges (Metered Billing Model) from the ExpressRoute to on-premises network. For the Unlimited Billing Model, there are no data charges.

For example:

• If we connect an Azure Virtual Network in Azure West Europe to an Azure VMware Solution private cloud in West Europe, there are no ExpressRoute charges other than the ExpressRoute gateway charges.

• If we connect an Azure Virtual Network in Azure North Europe to an Azure VMware Solution private cloud in West Europe, there are no ExpressRoute charges other than the ExpressRoute gateway charges.

• If you connect an Azure VMware Solution private cloud in West Europe to an Azure VMware Solution private cloud in North Europe via ExpressRoute Global Reach. There are no ExpressRoute Global Reach data transfer (egress and ingress) charges. There are charges when using an ExpressRoute gateway.

No, you don't need to procure other VMware licensing beyond the Azure VMware Solution service. For more information, see the Azure VMware Solution pricing page to see what VMware technology is included.

Whether you want more hosts for an existing private cloud or you're creating a new private cloud, you need to submit a support ticket to have your hosts allocated. For more information, see Request host quota for Azure VMware Solution.

You need an Azure account in an Azure subscription.

Microsoft and Red Hat share an integrated, colocated support team that provides a unified contact point for Red Hat ecosystems running on the Azure platform. Like other Azure platform services that work with Red Hat Enterprise Linux, Azure VMware Solution falls under the Cloud Access and integrated support umbrella. Red Hat Enterprise Linux supports running on top of Azure VMware Solution within Azure.

You can find service issues, planned maintenance, health advisories, and security advisories notifications published through Service Health in the Azure portal. You can take timely actions when you set up activity log alerts for these notifications. For more information, see Create Service Health alerts using the Azure portal.

At the moment, the provisioning can take roughly 3-4 hours. Adding a single node in existing/same cluster takes between 30 - 45 minutes.

No, "AVS-vendor-folders" is a reserved name within Azure VMware Solution and using it might lead to conflicts with the intended functionality or cause unexpected behavior within the vCenter management environment specific to Azure VMware Solution. Choose an alternative folder name that aligns with your organizational needs while avoiding conflicts with predefined naming conventions in Azure VMware Solution.

Yes. Provided the system it's installed on can access the private cloud vCenter Server and is using public DNS to resolve ESXi hostnames.

No. To meet the VM prerequisites, follow the instructions provided by VMware.

vRealize Automation, vRealize Operations Manager, and vRealize Network Insight are certified for use with Azure VMware Solution when those products are installed in an on-premises data center. The cloud-based versions of these products--vRealize Automation Cloud, vRealize Operations Cloud, and vRealize Network Insight Cloud--are also certified for use. Installing these products within an Azure VMware Solution private cloud isn't supported.

Yes. This is possible and recommended via the VMware HCX add-on. Cross vCenter cold migration and cloning is also possible, but Cross vCenter vMotion isn't.

The on-premises environment must be running vSphere 6.5 or later if VMware HCX will be used to migrate VMs.

To migrate an Azure Virtual Machine (VM) to a different plan, follow these steps:

1. Stop the VM in the Azure portal by selecting your VM and then selecting 'Stop' to deallocate resources.
2. With the VM stopped, access the 'Size' setting of the VM.
3. In the 'Choose a size' panel, select a new size that is compatible with either the current or desired series.
4. Select the 'Resize' button to apply the size change.
5. Restart the VM to finalize the migration.

Remember that you can only resize a VM within the same series or to an available series in the same Azure region. Ensure the new plan supports your VM's storage and networking configurations.

Yes, provided VMware HCX Network Underlay Minimum Requirements are met.

The VMware solution software versions used in new deployments of Azure VMware Solution private clouds are:

The current running software version is applied to new clusters added to an existing private cloud.

One benefit of Azure VMware Solution private clouds is that the platform is maintained for you. Microsoft is responsible for the lifecycle management of VMware software (ESXi, vCenter Server, and vSAN) and NSX-T Data Center appliances. Microsoft is also responsible for bootstrapping the network configuration, like creating the Tier-0 gateway and enabling North-South routing. You’re responsible for the NSX-T Data Center SDN configuration: network segments, distributed firewall rules, Tier 1 gateways, and load balancers.

Microsoft is responsible for applying any patches, updates, or upgrades to ESXi, vCenter Server, vSAN, and NSX-T Data Center in your private cloud. The impact of patches, updates, and upgrades on ESXi, vCenter Server, and NSX-T Data Center has the following considerations:

• ESXi - There's no impact to workloads running in your private cloud. Access to vCenter Server and NSX-T Data Center isn't blocked during this time. During this time, we recommend you don't plan other activities like: scaling up private cloud, scheduling or initiating active HCX migrations, making HCX configuration changes, and so on, in your private cloud.

• vCenter Server - There's no impact to workloads running in your private cloud. During this time, vCenter Server is unavailable and you can't manage VMs (stop, start, create, or delete). We recommend you don't plan other activities like scaling up private cloud, creating new networks, and so on, in your private cloud. When you use VMware Site Recovery Manager or vSphere Replication user interfaces, we recommend you don't do either of the actions: configure vSphere Replication, and configure or execute site recovery plans during the vCenter Server upgrade.

• NSX-T Data Center - The workload is impacted. When a particular host is being upgraded, the VMs on that host might lose connectivity from 2 seconds to 1 minute with any of the following symptoms:

  • Ping errors

  • Packet loss

  • Error messages (for example, Destination Host Unreachable and Net unreachable)

  During this upgrade window, all access to the NSX-T Data Center management plane is blocked. You can't make configuration changes to the NSX-T Data Center environment for the duration. Your workloads continue to run as normal, subject to the upgrade impact previously detailed.

  During the upgrade time, we recommend you don't plan other activities like, scaling up private cloud, and so on, in your private cloud. Other activities can prevent the upgrade from starting or could have adverse impacts on the upgrade and the environment.

You're notified through Azure Service Health that includes the timeline of the upgrade. This notification also provides details on the upgraded component, its effect on workloads, private cloud access, and other Azure services. You can reschedule an upgrade as needed.

Software updates include:

• Patches - Security patches or bug fixes released by VMware

• Updates - Minor version change of a VMware stack component

• Upgrades - Major version change of a VMware stack component

Documented VMware workarounds are implemented in lieu of installing a corresponding patch until the next scheduled updates are deployed.

Yes, NSX is the only supported version of VMware network virtualization software.

VMware NSX 4.1.1 is used for the software-defined networking in Azure VMware Solution private clouds.

No, you aren't required to use VMware NSX on-premises. VMware HCX provides the necessary connectivity between on-premises vSphere and Azure VMware Solution.

Yes with an add-on license. Azure VMware Solution supports distributed IDFW and distributed IDS/IPS with add-on firewall license. This add-on license needs to be bought from VMware and Microsoft will apply that license to the Azure VMware Solution private cloud with a support request.

Yes.

The Sentinel Management tab provides you access to download the Sentinel software. It appears in the HCX Interconnect interface when an HCX Enterprise license is activated, and you have deployed a service mesh with a Sentinel Gateway (SGW) and Sentinel Data Receiver (SDR) pair deployed. Also, in traditional on-premises to cloud deployments, the Sentinel tab is only visible in the Connector, not cloud manager.

You can specify the type of format you want when you migrate a VM to Azure VMware Solution. However, vSAN is primarily the datastore you'll use in Azure VMware Solution, so it depends on the storage policy that's selected. The datastore default storage policy is the RAID-1 FTT-1, which is thin provisioned. You can use Run commands to change the default datastore storage policy.

The AV36 SKU servers have dual 18 core 2.3 GHz Intel CPUs. AV36P SKU servers have dual 18 core 2.6 GHz Intel CPUs and AV52 SKU servers have dual 26 core 2.7 GHz Intel CPUs.

The AV36 SKU servers have 576 GB of RAM. AV36P SKU servers have 768 GB of RAM and AV52 SKU servers have 1,536 GB of RAM.

No. VMware doesn't officially support nested virtualization.

Commvault, Veritas, and Veeam have extended their backup solutions to work with Azure VMware Solution. However, any backup solution that uses VMware vStorage API for Data Protection (VADP) with the HotAdd transport mode works out of the box on Azure VMware Solution. For more information, see Backup solutions for Azure VMware Solution VMs.

As these backup solutions are installed and managed by customers, they can reach out to the respective ISV for support.

Azure Bastion is the service recommended to connect to the jump box to prevent exposing Azure VMware Solution to the internet. You can't use Azure Bastion to connect to Azure VMware Solution VMs since they aren't Azure IaaS objects.

Each ESXi host in Azure VMware Solution is configured with four 25-Gbps NICs, two NICs provisioned for ESXi system traffic, and two NICs provisioned for workload traffic.

No.

No.

No. Azure Load Balancer internal-only supports Azure IaaS VMs. Azure Load Balancer doesn't support IP-based backend pools; only Azure VMs or Virtual Machine Scale Set objects in which Azure VMware Solution VMs aren't Azure objects.

Yes. Use an existing ExpressRoute Gateway to connect to Azure VMware Solution as long as it doesn't exceed the limit of four ExpressRoute circuits per virtual network. To access Azure VMware Solution from on-premises through ExpressRoute, you must have ExpressRoute Global Reach since the ExpressRoute Gateway doesn't provide transitive routing between its connected circuits.

A private network /22 address space is required to deploy an Azure VMware Solution private cloud. This private address space shouldn't overlap with other virtual networks in a subscription or with on-premises networks.

You can connect to the service in one of two methods:

• With a VM or application gateway deployed on an Azure virtual network that is peered through ExpressRoute to the private cloud.
• Through ExpressRoute Global Reach from your on-premises data center to an Azure ExpressRoute circuit.

In the Azure portal, enable internet connectivity for a private cloud. With NSX Manager, create an NSX T1 gateway and a logical switch. You then use vCenter Server to deploy a VM on the network segment defined by the logical switch. That VM has network access to the internet and Azure services.

No. Network traffic inbound from the internet directly to private clouds isn't allowed by default. However, you're able to expose Azure VMware Solution VMs to the internet through the Public IP option in your Azure portal for your Azure VMware Solution private cloud.

Yes. You need to use NSX Manager to create a firewall to restrict VM access to the internet.

The IP address range shouldn't overlap with the IP range used in other virtual networks in your subscription and on-premises networks.

Yes.

Azure Virtual WAN doesn't provide transitive routing between two connected ExpressRoute circuits and nonvirtual WAN ExpressRoute Gateway. ExpressRoute Global Reach allows connectivity between on-premises and Azure VMware Solution but goes through Microsoft's global network instead of the Virtual WAN Hub.

No.

By design, you won't be able to reach NSX Manager and vCenter Server Appliance (vCSA) from on-premises when only 0.0.0.0/0 (default route) is being advertised over ExpressRoute Global Reach between Azure VMware Solution and your on-premises ExpressRoute or through Azure Virtual Network to Azure VMware Solution. You need to advertise specific networking routes/subnets to access NSX-T Manager and vCSA.

Use the thin_provision storage policy for your VM template.

Each ESXi host has two vSAN disk groups with a capacity tier of 15.2 TB and a 3.2-TB NVMe cache tier (1.6 TB in each disk group).

Yes, vSAN datastores use data-at-rest encryption by default using keys stored in Azure Key Vault. The encryption solution is KMS-based and supports vCenter Server operations for key management. When a host is removed from a vSphere cluster, data on disk is invalidated immediately.

No, you can't change the name of datastores or clusters.

RAID-1, FTT-1, with Object Space reservation set to Thin Provisioning is the Default Storage policy for the software-defined datacenters (SDDCs).

Thick provisioning is reserved or preallocated storage space. Thick provisioning protects systems by allowing them to function even if the vSAN datastore is full because the space is already reserved. For example, suppose you create a 10-GB virtual disk with thick provisioning. In that case, the full amount of virtual disk storage capacity is preallocated on the physical storage where the virtual disk is created and consumes all the space allocated to it in the datastore. It won't allow other VMs to share the space from the datastore. A thin-provisioned virtual disk consumes the space that it needs initially and grows to the data space demand used in the datastore.

It depends on how you plan your application workloads to run inside the SDDC (private cloud). Microsoft governs these failures regularly and replaces the hardware when such events are detected from an infrastructure perspective. As a default, a setting of FTT-1 is used, which accommodates a single host's failure.

Microsoft provides alerts when capacity consumption exceeds 75%. Alternatively, you can also monitor capacity consumption metrics that are integrated into Azure Monitor.

The AV36 SKU includes two 1.6-TB NVMe Cache and eight 1.9-TB raw storage capacity. These are then split into two disk groups. Check the AV36P and AV52 SKUs for their hardware specifications.

The disk groups aren't RAID configured. Instead, they're just a bunch of disks (JBOD) and are directly controlled by vSAN.

No. There's only one type available.

Yes. The Azure portal is used for deployment and several management operations. vCenter Server and NSX Manager are used to manage vSphere and NSX resources.

At launch, Azure VMware Solution won't support a single management experience across on-premises and private cloud environments. You manage private cloud clusters with vCenter Server and NSX Manager local to a private cloud.

Yes, as long as you have the quota allocated against your private cloud, you can scale out your clusters. When workload demand falls, you can delete hosts from the cluster to scale it down. You can do this through the Azure VMware Solution portal.

No, private cloud hosts and clusters are dedicated and securely erased before and after use.

Clusters can scale between three (minimum) and 16 (maximum) ESXi hosts.

You're provided credentials for a cloud admin user in vCenter Server and admin access on NSX Manager. You can also use a CloudAdmin group to incorporate Microsoft Entra ID. For more information, see Access and identity architecture.

No, administrator access to ESXi is restricted to meet the security requirements of the solution.

You have CloudAdmin role privileges. For more information, see Access and identity architecture.

You have CloudAdmin role privileges. For more information, see Access and identity architecture.

For information on resetting your credentials, see Rotate the cloudadmin credentials for Azure VMware Solution.

No. We currently don't support cloudadmin extension privileges and have no plans to support it.

Yes. For more information, see Request host quota for Azure VMware Solution.

No. Currently, Azure VMware Solution doesn't offer multi-tenancy.

No, an Azure VMware Solution private cloud can't be shared between end customers.

Customers can create multitenant environments in their Azure VMware Solution private cloud and sell to customers provided the product isn't a standard VM and have added substantial intellectual property embedded in the VM as an application.

VMware doesn't allow vCD in the cloud or from on-premises to be licensed with any Hyperscaler, including Microsoft.

Yes. You can connect your Azure VMware Solution private cloud to VMware Cloud Director Service from VMware. This integration of both services is currently in public preview.

Yes, customers can deploy Azure VMware Solution within an Azure subscription managed by a CSP.

Yes. CSPs can purchase reserved instances for their customers. For more information, see Save costs with a reserved instance.