Azure Stack HCI is Microsoft’s hyper-converged infrastructure stack that brings Azure down to your on-premises environment. It’s not a feature of Windows Server, but a separate operating system that is delivered as an Azure service. It provides the latest security, performance, and feature updates through an Azure subscription, similar to how any other Azure service is billed.
Microsoft has a Technical Use Case program to help you quickly find hardware configurations for Azure Stack HCI that Microsoft has validated for various needs. Here are six scenarios and technical use cases with validated solutions from DataON:
1/ Azure Kubernetes Service
Azure Kubernetes Service (AKS) on Azure Stack HCI is an enterprise-grade Kubernetes container platform powered by Azure Stack HCI. It includes Microsoft-supported core Kubernetes, a purpose-built Windows container host, and a Microsoft-supported Linux container host, with the goal of a simple deployment and life cycle management experience. Azure Kubernetes Service on Azure Stack HCI uses a set of predefined configurations to deploy Kubernetes clusters effectively and with scalability in mind. The deployment operation creates multiple Linux or Windows virtual machines and joins them together to form one or more Kubernetes clusters. When you create an Azure Kubernetes Service cluster on Azure Stack HCI, a management cluster is automatically created and configured. This management cluster is responsible for provisioning and managing the workload clusters where workloads run. You can manage AKS on Azure Stack HCI using Windows Admin Center and PowerShell.
2/ Branch Office and Edge
Computing at the edge shifts most data processing from a centralized system to the edge of the network, closer to a device or system that requires data quickly. Azure IoT Edge moves cloud analytics and custom business logic to devices so that you can focus on business insights instead of data management. Azure IoT Edge combines AI, cloud, and edge computing in containerized cloud workloads, such as Azure Cognitive Services, Machine Learning, Stream Analytics, and Functions. Workloads can run on devices ranging from a Raspberry Pi to a converged edge server.
3/ Secured-Core Server
As the world continues to go digital, there is a constant urgency to improve and innovate the world's cybersecurity sector. Especially with the rise of data collection, AI, and cryptocurrency, the world seems to be more vulnerable than ever to hackers. Given the many incentives to commit attacks and theft, raising the bar for hackers is a clear and urgent need for Windows Server and Azure Stack HCI.
Secured-core server is built on three key pillars: simplified security, advanced protection, and preventive defense. Windows Server and Azure Stack HCI systems will have easy configuration experiences in the Windows Admin Center to enable the security features of Secured-core.
Secured-core servers use hardware, firmware, and operating system capabilities to the fullest extent to provide protection against current and future threats. A Secured-core server enables hardware-based root of trust, firmware protection, and virtualization-based security to create a secure platform for critical applications and data used on that server.
4/ High-Performance Microsoft SQL Server
Azure Stack HCI provides a highly available, cost-efficient, flexible platform to run SQL Server and Storage Spaces Direct. Azure Stack HCI can run Online Transaction Processing (OLTP) workloads, data warehouse and BI, and AI and advanced analytics over big data.
The platform’s flexibility is especially important for mission-critical databases. You can run SQL Server on virtual machines (VMs) that use either Windows Server or Linux, which allows you to consolidate multiple database workloads and add more VMs to your Azure Stack HCI environment as needed. Azure Stack HCI also enables you to integrate SQL Server with Azure Site Recovery to provide a cloud-based migration, restoration, and protection solution for your organization’s data that is reliable and secure.
5/ Trusted Enterprise Virtualization
Virtualization-based security (VBS) is a key component of the security investments in Azure Stack HCI to protect hosts and virtual machines (VMs) from security threats. It uses the Windows hypervisor to create and manage security boundaries in operating system software, enforce restrictions to protect vital system resources, and protect security assets, such as authenticated user credentials. With VBS, even if malware gains access to the operating system kernel, you can greatly limit and contain possible exploits, because the hypervisor prevents malware from executing code or accessing platform secrets.
The hypervisor, the most privileged level of system software, sets and enforces page permissions across all system memory. While in Virtual Secure Mode (VSM), pages can only execute after passing code integrity checks. Even if a vulnerability occurs, such as a buffer overflow that could allow malware to attempt to modify memory, code pages cannot be modified, and modified memory cannot be executed. VBS and Hypervisor-Protected Code Integrity (HVCI) significantly strengthen code integrity policy enforcement. All kernel-mode drivers and binaries are checked before they can start, and unsigned drivers or system files are prevented from loading into system memory.
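A host-side check for the VBS and HVCI state described above, as an added example that is not part of the original article. The function name, the pass criteria, and the sample object are assumptions; the namespace, class, and value codes are those of the Win32_DeviceGuard WMI class.

```powershell
# Added example (not from the original article): report whether VBS and HVCI
# are actually running, not merely configured, using Win32_DeviceGuard values.
function Test-VbsPosture {
    param(
        # Object exposing the Win32_DeviceGuard properties. Omit to query the local host.
        $DeviceGuard
    )
    if (-not $DeviceGuard) {
        $DeviceGuard = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
            -ClassName Win32_DeviceGuard -ErrorAction Stop
    }
    $configured = @($DeviceGuard.SecurityServicesConfigured)
    $running    = @($DeviceGuard.SecurityServicesRunning)
    $available  = @($DeviceGuard.AvailableSecurityProperties)
    $findings   = [System.Collections.Generic.List[string]]::new()

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    switch ($DeviceGuard.VirtualizationBasedSecurityStatus) {
        0 { $findings.Add('VBS is not enabled') }
        1 { $findings.Add('VBS is enabled but not running (reboot pending or prerequisite missing)') }
    }
    # Security service IDs: 1 = Credential Guard, 2 = HVCI (memory integrity)
    foreach ($svc in @(@{ Id = 1; Name = 'Credential Guard' }, @{ Id = 2; Name = 'HVCI' })) {
        if ($running -notcontains $svc.Id) {
            $state = if ($configured -contains $svc.Id) { 'configured but not running' } else { 'not configured' }
            $findings.Add("$($svc.Name) is $state")
        }
    }
    # AvailableSecurityProperties: 2 = Secure Boot, 3 = DMA protection
    if ($available -notcontains 2) { $findings.Add('Secure Boot is not reported as available') }
    if ($available -notcontains 3) { $findings.Add('DMA protection is not reported as available') }

    [pscustomobject]@{
        VbsRunning  = $DeviceGuard.VirtualizationBasedSecurityStatus -eq 2
        HvciRunning = $running -contains 2
        Compliant   = $findings.Count -eq 0
        Findings    = $findings
    }
}

# Constructed sample: VBS enabled and HVCI configured, but nothing is running yet.
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 1
    SecurityServicesConfigured        = @(1, 2)
    SecurityServicesRunning           = @(0)
    AvailableSecurityProperties       = @(1, 2, 5)
}
Test-VbsPosture -DeviceGuard $sample | Format-List
```

Run `Test-VbsPosture` with no argument on a cluster node to evaluate the live host. The "configured but not running" case is the one that a check of policy settings alone does not reveal.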
6/ Virtual Desktop Infrastructure
VDI uses server hardware to run desktop operating systems and software programs on a virtual machine (VM). In this way, VDI lets you run traditional desktop workloads on centralized servers. VDI advantages in a business setting include keeping sensitive company applications and data in a secure data center and accommodating a BYOD policy without worrying about mixing personal data with corporate assets. VDI has also become the standard to support remote and branch office workers and provide access to contractors and partners.
Azure Stack HCI offers the optimal platform for VDI. A validated Azure Stack HCI solution combined with Microsoft Remote Desktop Services (RDS) lets you achieve a highly available and highly scalable architecture. In addition, Azure Stack HCI VDI provides cloud-based capabilities, like Azure Update Management and Advanced Threat Protection, to protect VDI workloads and clients.