Azure Stack FAQ
What is Azure Stack HCI?
Azure Stack HCI solutions enable you to run virtual machines on-premises and easily connect to Azure with a hyperconverged infrastructure (HCI) solution. Build and run cloud applications using consistent Azure services on-premises to meet regulatory or technical requirements. In addition to running virtualized applications on-premises, Azure Stack HCI enables you to replace and consolidate aging server infrastructure and connect to Azure for cloud services using the Windows Admin Center.
Azure Stack HCI provides validated HCI solutions powered by Hyper-V and Storage Spaces Direct with Windows Server 2019 Software-Defined Datacenter (SDDC). The Windows Admin Center is used for management and integrated access to Azure services such as:
Azure Site Recovery
Azure Monitor and Update
What are some examples of use cases for Azure Stack?
Remote or branch office systems
Virtual desktop Infrastructure
High availability and disaster recovery in the cloud
Enterprise apps like SQL Server
Clinical and claims data
IoT device analytics
Retail assortment optimization
What is Azure Stack Hub?
Azure Stack Hub is an extension of Azure that brings the agility and innovation of cloud computing to your on-premises environment. Deployed on-premises, Azure Stack Hub can be used to provide Azure consistent services either connected to the internet (and Azure) or in disconnected environments with no internet connectivity. Azure Stack Hub uses the same underlying technologies as global Azure, which includes the core components of Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), and optional Platform-as-a-Service (PaaS) capabilities including:
Azure VMs for Windows and Linux
Azure Web Apps and Functions
Azure Key Vault
Azure Resource Manager
Admin tools (Plans, offers, RBAC, etc.)
Can you tell me more about Azure Stack Hub Architecture?
The Azure Stack Hub architecture lets you provide Azure services at the edge for remote locations or intermittent connectivity, disconnected from the internet. You can create hybrid solutions that process data locally in Azure Stack Hub and then aggregate it in Azure for additional processing and analytics. Finally, because Azure Stack Hub is installed on-premises, you can meet specific regulatory or policy requirements with the flexibility of deploying cloud apps on-premises without changing any code.
Azure Stack Hub integrated systems are comprised in racks of 4-16 servers.
Azure Stack Hub is built on industry standard hardware and is managed using the same tools you already use for managing Azure subscriptions. As a result, you can apply consistent DevOps processes whether you're connected to Azure or not.
Where does SALT currently have Azure Stacks?
More location announcements coming soon!
If you have a prefered location for our next Azure Stack, or want one all to yourself, let us know in the contact form at the bottom of our site.
Where does the data reside when using an Azure Stack?
It resides only in the country the Azure Stack is in.
This addresses nearly all corporate and regulatory requirements related to cloud environments and cloud storage.
You still have the option to seemlessly shift your data at anytime to Microsoft Azure Public Cloud if desired. You can also connect to Azure services for cloud-based backup, site-recovery, and more.
What are some of the compliance standards met by Azure Stack?
PCI-DSS addresses the payment card industry.
CSA Cloud Control Matrix is a comprehensive mapping across multiple standards, including
FedRAMP Moderate, ISO27001, HIPAA, HITRUST, ITAR, NIST SP800-53, and others.
FedRAMP High for government customers.
What is the security approach for Azure Stack Hub?
Security considerations and compliance regulations are among the main drivers for using hybrid clouds. Azure Stack Hub is designed for these scenarios.
Two security posture layers coexist in Azure Stack Hub. The first layer is the Azure Stack Hub infrastructure, which includes the hardware components up to the Azure Resource Manager. The first layer includes the administrator and the user portals. The second layer consists of the workloads created, deployed, and managed by tenants. The second layer includes items like virtual machines and App Services web sites.
The security posture for Azure Stack Hub is designed to defend against modern threats and was built to meet the requirements from the major compliance standards. As a result, the security posture of the Azure Stack Hub infrastructure is built on two pillars:
Starting from the assumption that the system has already been breached, focus on detecting and limiting the impact of breaches versus only trying to prevent attacks.
Hardened by Default
Since the infrastructure runs on well-defined hardware and software, Azure Stack Hub enables, configures, and validates all the security features by default.
Because Azure Stack Hub is delivered as an integrated system, the security posture of the Azure Stack Hub infrastructure is defined by Microsoft. Just like in Azure, tenants are responsible for defining the security posture of their tenant workloads.
Is data on an Azure Stack encrypted?
Data at rest encryption
All Azure Stack Hub infrastructure and tenant data are encrypted at rest using BitLocker. This encryption protects against physical loss or theft of Azure Stack Hub storage components.
Data in transit encryption
The Azure Stack Hub infrastructure components communicate using channels encrypted with TLS 1.2. Encryption certificates are self-managed by the infrastructure.
All external infrastructure endpoints, like the REST endpoints or the Azure Stack Hub portal, support TLS 1.2 for secure communications. Encryption certificates, either from a third party or your enterprise Certificate Authority, must be provided for those endpoints.
While self-signed certificates can be used for these external endpoints, Microsoft strongly advises against using them.
What is the billing process?
Automated billing. Billed monthly based on consumption. You only pay for what you use.