What is Azure VMware Solution?

Azure VMware Solution provides you with private clouds that contain VMware vSphere clusters built from dedicated bare-metal Azure infrastructure. The minimum initial deployment is three hosts, but more hosts can be added one at a time, up to a maximum of 16 hosts per cluster. All provisioned private clouds have VMware vCenter Server, VMware vSAN, VMware vSphere, and VMware NSX-T Data Center. As a result, you can migrate workloads from your on-premises environments, deploy new virtual machines (VMs), and consume Azure services from your private clouds. For information about the SLA, see the Azure service-level agreements page.

Azure VMware Solution is a VMware validated solution with ongoing validation and testing of enhancements and upgrades. Microsoft manages and maintains the private cloud infrastructure and software. It allows you to focus on developing and running workloads in your private clouds to deliver business value.

The diagram shows the adjacency between private clouds and VNets in Azure, Azure services, and on-premises environments. Network access from private clouds to Azure services or VNets provides SLA-driven integration of Azure service endpoints. ExpressRoute Global Reach connects your on-premises environment to your Azure VMware Solution private cloud.

Diagram of Azure VMware Solution private cloud adjacency to Azure and on-premises.

AV36P and AV52 node sizes available in Azure VMware Solution

The new node sizes increase memory and storage options to optimize your workloads. The gains in performance enable you to do more per server, break storage bottlenecks, and lower transaction costs of latency-sensitive workloads. The availability of the new nodes allows large latency-sensitive services to be hosted efficiently on the Azure VMware Solution infrastructure.

AV36P key highlights for Memory and Storage optimized Workloads:

  • Runs on Intel® Xeon® Gold 6240 Processor with 36 cores, a base frequency of 2.6 GHz, and a turbo frequency of 3.9 GHz.
  • 768 GB of DRAM memory
  • 19.2 TB storage capacity with all NVMe-based SSDs (random read of 636500 IOPS and random write of 223300 IOPS)
  • 1.5 TB of NVMe cache

AV52 key highlights for Memory and Storage optimized Workloads:

  • Runs on Intel® Xeon® Platinum 8270 with 52 cores, a base frequency of 2.7 GHz, and a turbo frequency of 4.0 GHz.
  • 1.5 TB of DRAM memory
  • 38.4 TB storage capacity with all NVMe-based SSDs (random read of 636500 IOPS and random write of 223300 IOPS)
  • 1.5 TB of NVMe cache

For pricing and region availability, see the Azure VMware Solution pricing page and the Products available by region page.

Hosts, clusters, and private clouds

Azure VMware Solution clusters are based upon hyper-converged infrastructure. The following table shows the CPU, memory, disk and network specifications of the host.

| Host Type | CPU (GHz) | RAM (GB) | vSAN Cache Tier (TB, raw) | vSAN Capacity Tier (TB, raw) | Network Interface Cards | Regional availability |
|---|---|---|---|---|---|---|
| AV36 | Dual Intel Xeon Gold 6140 CPUs with 18 cores/CPU @ 2.3 GHz, Total 36 physical cores (72 logical cores with hyperthreading) | 576 | 3.2 (NVMe) | 15.20 (SSD) | 4x 25 Gb/s NICs (2 for management & control plane, 2 for customer traffic) | All product regions |
| AV36P | Dual Intel Xeon Gold 6240 CPUs with 18 cores/CPU @ 2.6 GHz / 3.9 GHz Turbo, Total 36 physical cores (72 logical cores with hyperthreading) | 768 | 1.5 (Intel Cache) | 19.20 (NVMe) | 4x 25 Gb/s NICs (2 for management & control plane, 2 for customer traffic) | Selected regions (*) |
| AV52 | Dual Intel Xeon Platinum 8270 CPUs with 26 cores/CPU @ 2.7 GHz / 4.0 GHz Turbo, Total 52 physical cores (104 logical cores with hyperthreading) | 1,536 | 1.5 (Intel Cache) | 38.40 (NVMe) | 4x 25 Gb/s NICs (2 for management & control plane, 2 for customer traffic) | Selected regions (*) |

An Azure VMware Solution cluster requires a minimum number of three hosts. You can only use hosts of the same type in a single Azure VMware Solution private cloud. Hosts used to build or scale clusters come from an isolated pool of hosts. Those hosts have passed hardware tests and have had all data securely deleted before being added to a cluster.

(*) details available via the Azure pricing calculator.

You can deploy new or scale existing private clouds through the Azure portal or Azure CLI.

Networking

Azure VMware Solution offers a private cloud environment accessible from on-premises sites and Azure-based resources. Services such as Azure ExpressRoute, VPN connections, or Azure Virtual WAN deliver the connectivity. However, these services require specific network address ranges and firewall ports for enabling the services.

When you deploy a private cloud, private networks for management, provisioning, and vMotion get created. You'll use these private networks to access VMware vCenter Server and VMware NSX-T Data Center NSX-T Manager, and for virtual machine vMotion or deployment.

ExpressRoute Global Reach is used to connect private clouds to on-premises environments. It connects circuits directly at the Microsoft Enterprise Edge (MSEE) level. The connection requires a virtual network (vNet) with an ExpressRoute circuit to on-premises in your subscription. The reason is that vNet gateways (ExpressRoute Gateways) can't transit traffic, which means you can attach two circuits to the same gateway, but it won't send the traffic from one circuit to the other.

Each Azure VMware Solution environment is its own ExpressRoute region (its own virtual MSEE device), which lets you connect Global Reach to the 'local' peering location. It allows you to connect multiple Azure VMware Solution instances in one region to the same peering location.

Note

For locations where ExpressRoute Global Reach isn't enabled, for example, because of local regulations, you have to build a routing solution using Azure IaaS VMs. For some examples, see Azure Cloud Adoption Framework - Network topology and connectivity for Azure VMware Solution.

Virtual machines deployed on the private cloud are accessible to the internet through the Azure Virtual WAN public IP functionality. For new private clouds, internet access is disabled by default.

For more information, see Networking concepts.
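
The limits stated above (three to 16 hosts per cluster, one host type per private cloud, internet access disabled by default on new private clouds) can be checked against an inventory export to catch drift. The following Python check is an added example, not Microsoft code; the record layout and the field names `internet`, `clusters`, `sku`, and `hosts` are assumptions for a simplified export you build yourself, and the sample data is constructed.

```python
import json

# Limits stated on this page: minimum three hosts, maximum 16 hosts per cluster.
MIN_HOSTS, MAX_HOSTS = 3, 16

# Constructed sample inventory (assumed, simplified layout; not real Azure output).
SAMPLE = json.loads("""
[
  {"name": "pc-prod", "internet": "Disabled",
   "clusters": [{"name": "Cluster-1", "sku": "AV36P", "hosts": 3},
                {"name": "Cluster-2", "sku": "AV36P", "hosts": 16}]},
  {"name": "pc-lab", "internet": "Enabled",
   "clusters": [{"name": "Cluster-1", "sku": "AV36", "hosts": 2},
                {"name": "Cluster-2", "sku": "AV52", "hosts": 17}]}
]
""")


def audit_private_cloud(cloud):
    """Return a list of findings for one private cloud record."""
    findings = []
    clusters = cloud.get("clusters", [])
    for c in clusters:
        hosts = c.get("hosts")
        if not isinstance(hosts, int) or not MIN_HOSTS <= hosts <= MAX_HOSTS:
            findings.append(
                f"{c.get('name')}: host count {hosts!r} outside {MIN_HOSTS}-{MAX_HOSTS}")
    # Only hosts of the same type may be used in a single private cloud.
    skus = sorted({str(c.get("sku", "")).upper() for c in clusters})
    if len(skus) > 1:
        findings.append("mixed host types: " + ", ".join(skus))
    # Report anything other than an explicit "Disabled", including a missing field.
    if cloud.get("internet") != "Disabled":
        findings.append(
            f"internet access is {cloud.get('internet')!r}; default for new private clouds is Disabled")
    return findings


def audit(inventory):
    """Map each private cloud name to its findings (empty list means compliant)."""
    return {c["name"]: audit_private_cloud(c) for c in inventory}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```
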

Access and security

Azure VMware Solution private clouds use vSphere role-based access control for enhanced security. You can integrate vSphere SSO LDAP capabilities with Azure Active Directory. For more information, see the Access and Identity concepts page.

vSAN data-at-rest encryption, by default, is enabled and is used to provide vSAN datastore security. For more information, see Storage concepts.

Data Residency and Customer Data

Azure VMware Solution doesn't store customer data.

VMware software versions

The VMware solution software versions used in new deployments of Azure VMware Solution private cloud clusters are:

| Software | Version |
|---|---|
| VMware vCenter Server | 7.0 U3c |
| ESXi | 7.0 U3c |
| vSAN | 7.0 U3c |
| vSAN on-disk format | 10 |
| HCX | 4.4.2 |
| VMware NSX-T Data Center | 3.1.2 |

NOTE: VMware NSX-T Data Center is the only supported version of NSX Data Center.

The current running software version is applied to new clusters added to an existing private cloud. For more information, see the VMware software version requirements for HCX and Understanding vSAN on-disk format versions and compatibility.

Host and software lifecycle maintenance

Regular upgrades of the Azure VMware Solution private cloud and VMware software ensure the latest security, stability, and feature sets are running in your private clouds. For more information, see Host maintenance and lifecycle management.

Monitoring your private cloud

Once you’ve deployed Azure VMware Solution into your subscription, Azure Monitor logs are generated automatically.

In your private cloud, you can:

Monitoring patterns inside the Azure VMware Solution are similar to Azure VMs within the IaaS platform. For more information and how-tos, see Monitoring Azure VMs with Azure Monitor.

Customer communication

You can find service issues, planned maintenance, health advisories, and security advisories notifications published through Service Health in the Azure portal. You can take timely actions when you set up activity log alerts for these notifications. For more information, see Create Service Health alerts using the Azure portal.

Screenshot of Service Health notifications.

Azure VMware Solution Responsibility Matrix - Microsoft vs Customer

Azure VMware Solution implements a shared responsibility model that defines distinct roles and responsibilities of the two parties involved in the offering: Customer and Microsoft. The shared role responsibilities are illustrated in more detail in the following two tables.

The shared responsibility matrix table shows the high-level responsibilities between a customer and Microsoft for different aspects of the deployment/management of the private cloud and the customer application workloads.

Screenshot shows the high-level shared responsibility matrix.

The following table provides a detailed list of roles and responsibilities between the customer and Microsoft, which encompasses the most frequent tasks and definitions. For further questions, contact Microsoft.

Role: Microsoft - Azure VMware Solution
Task/details:
Physical infrastructure
  • Azure regions
  • Azure availability zones
  • ExpressRoute/Global Reach
Compute/Network/Storage
  • Rack and power Bare Metal hosts
  • Rack and power network equipment
Software defined Data Center (SDDC) deploy/lifecycle
  • VMware ESXi deploy, patch, and upgrade
  • VMware vCenter Servers deploy, patch, and upgrade
  • VMware NSX-T Data Centers deploy, patch, and upgrade
  • vSAN deploy, patch, and upgrade
SDDC Networking - VMware NSX-T Data Center provider config
  • Microsoft Edge node/cluster, VMware NSX-T Data Center host preparation
  • Provider Tier-0 and Tenant Tier-1 Gateway
  • Connectivity from Tier-0 (using BGP) to Azure Network via ExpressRoute
SDDC Compute - VMware vCenter Server provider config
  • Create default cluster
  • Configure virtual networking for vMotion, Management, vSAN, and others
SDDC backup/restore
  • Backup and restore VMware vCenter Server
  • Backup and restore VMware NSX-T Data Center NSX-T Manager
SDDC health monitoring and corrective actions, for example: replace failed hosts

(optional) HCX deploys with fully configured compute profile on cloud side as add-on

(optional) SRM deploy, upgrade, and scale up/down

Support - SDDC platforms and HCX
Role: Customer
Task/details:
Request Azure VMware Solution host quote with Microsoft
Plan and create a request for SDDCs on Azure portal with:
  • Host count
  • Management network range
  • Other information
Configure SDDC network and security (VMware NSX-T Data Center)
  • Network segments to host applications
  • Additional Tier-1 routers
  • Firewall
  • VMware NSX-T Data Center LB
  • IPsec VPN
  • NAT
  • Public IP addresses
  • Distributed firewall/gateway firewall
  • Network extension using HCX or VMware NSX-T Data Center
  • AD/LDAP config for RBAC
Configure SDDC - VMware vCenter Server
  • AD/LDAP config for RBAC
  • Deploy and lifecycle management of Virtual Machines (VMs) and application
    • Install operating systems
    • Patch operating systems
    • Install antivirus software
    • Install backup software
    • Install configuration management software
    • Install application components
    • VM networking using VMware NSX-T Data Center segments
  • Migrate Virtual Machines (VMs)
    • HCX configuration
    • Live vMotion
    • Cold migration
    • Content library sync
Configure SDDC - vSAN
  • Define and maintain vSAN VM policies
  • Add hosts to maintain adequate 'slack space'
Configure HCX
  • Download and deploy the HCX connector OVA on-premises
  • Pair the on-premises HCX connector
  • Configure the network profile, compute profile, and service mesh
  • Configure HCX network extension/MON
  • Upgrade/updates
Network configuration to connect to on-premises, VNET, or internet

Submit requests from the portal to add or delete cluster hosts

Deploy/lifecycle management of partner (third party) solutions
Role: Partner ecosystem
Task/details:
Support for their product/solution. For reference, the following are some of the supported Azure VMware Solution partner solutions/products:
  • BCDR - SRM, JetStream, RiverMeadow, and others
  • Backup - Veeam, Commvault, Rubrik, and others
  • VDI - Horizon/Citrix
  • Security solutions - BitDefender, TrendMicro, Checkpoint
  • Other VMware products - vRA, vROps, AVI

Next steps

The next step is to learn key private cloud and cluster concepts.