For the last couple of years I have had a cloud first focus, but I will always have a love for leveraging cloud technologies on premises as well. Over the last several days I got hands on with some of the latest and upcoming Azure Hybrid technologies and I’m really excited about what is coming. I’ve written before about how cloud isn’t just a place, but a model (which you can check out here). In this post I want to talk about some of the exciting ways you can leverage cloud technologies in your on premises data center now and in the near future.

Azure Hybrid Today

There are several really great Azure Hybrid services that have been out for some time and that organizations should absolutely consider using. The big draw with these services is accelerating your operational efficiency by using tools and technologies built for the cloud, but still having them physically on premises if you need that.

Below you will find a diagram that highlights many of the Azure Hybrid services I will cover in this post.

Azure Hybrid services diagram from
Credit to the Microsoft team for this great Azure Hybrid diagram

Hybrid IaaS and PaaS

Azure Hybrid IaaS solutions empower organizations to host their own virtual machines and services using the same technologies that power Azure. This includes the hosting, applications, network connectivity, and BCDR.

Azure Stack HCI

Azure Stack HCI is the culmination of some incredible software defined data center technologies. These started back in Windows Server 2016 and Microsoft leverages the same technologies to power Azure. This solution enables organizations to take certified, traditional servers and combine them to form a hyper-converged cloud solution. Here are the core components of the HCI solution:

Software defined storage is a game changer from the traditional SAN model. It enables locally attached disks to be combined over the network to build very high performance storage that is accessible to all nodes in a cluster. This storage is resilient to both disk and server failures.

Software defined networking (SDN) powers high performance network communications while enabling granular security controls. SDN enables servers to combine high performance network adapters (10,25,100+Gbps) for resiliency against failure, aggregation of bandwidth, and intelligent separation. More recent developments in Network ATC have enabled intent based networking that dramatically simplifies SDN configuration. Finally, SDN enables a very similar approach to networking that will be familiar to Azure network engineers. You can utilize virtual networks, network security groups for micro segmentation, and more.

Compute services are similar to the traditional virtualization cluster and IaaS offerings, but the Azure Stack HCI operating system brings with it a lot of innovation for Azure. Notably, with Azure Stack HCI you gain features like Hotpatch which dramatically reduces downtime for patches. It also gives you the rights to run Azure only services in your datacenter like Windows Server Azure Edition or Windows 10/11 Multisession for Azure Virtual Desktop.

Azure Stack HCI also brings simplified management capabilities by streamlining license purchases in two ways. You can leverage Windows Server licenses with Software Assurance to reduce your Azure costs for hybrid services like Azure Stack HCI. You can also leverage Azure to pay for Windows licensing using an Azure Subscription rather than going through a traditional procurement path.


Azure Kubernetes Service (AKS) enables organizations to host containerized applications on the popular Kubernetes platform while dramatically simplifying the experience. Azure hybrid services can enable you to deploy and manage Kubernetes clusters in a streamlined way while also connecting to powerful developer tools like GitOps. Organizations can quickly deploy Kubernetes to host containerized Windows and Linux applications on premises. At the same time they can empower developers to use powerful cloud based CI/CD tools like GitOps to develop and deploy the applications in an automated and consistent way. AKS can run on Azure Stack HCI in your data center or even on other public clouds.

Arc Enabled Data Services

Microsoft is really doubling down on containerization using Kubernetes and using it to power their own services. In so doing, they are also empowering their customers to run those same services on their own AKS clusters. One of the most exciting data services that is available today is SQL Managed Instance on AKS. This means that if you have Kubernetes setup, you can run a fully managed SQL instance on top of that infrastructure with very little complexity or effort. SQL Managed Instance takes care of all the high availability and maintenance concerns and the ability to run that in your data center is very powerful.

Azure Hybrid Connectivity

There are two key hybrid connectivity solutions organizations should be aware of. The first is Azure Express Route which enables private connectivity from on premises directly into the Azure Cloud. This is a great way to get a high performance and consistent connection. You can even save costs over a VPN if your organization is transferring large amounts of data between Azure and on premises.

The second hybrid connectivity solution is part of the Azure Stack HCI SDN package. SDN includes the capability to have VPN gateways managed as part of the network stack. These are VPN virtual machines that facilitate connectivity between virtual networks on premises and any other location.


Azure Backup and Azure Site Recovery are two services that really can’t be left out when discussing hybrid services. Public cloud is a great resource for disaster recovery and backup solutions. By their nature, backup solutions are used infrequently and with low resource requirements. But when you experience a failure you need to rapidly scale those resources to handle the full production load. Azure Backup and Azure Site Recovery are both great solutions that meet these requirements.

Azure Hybrid Management

The other type of hybrid services that organizations should be using today are hybrid management services. These fall into the categories of security, policy/compliance, and logging/monitoring. These solutions are largely driven by the Azure Arc platform which enables virtual servers outside of Azure to be managed by Azure.

Azure Hybrid Security

The key benefits of using the Microsoft security products are having a single consolidated place to manage your security landscape as well as using a suite of products that is powered by cloud scale security insights. The Microsoft Defender suite covers servers, containers, endpoints, email, storage, data, credentials, and much more.

In addition to Defender, organizations should look at Azure Sentinel as a solid SIEM platform. Sentinel can ingest logs and security signals from across your complete IT landscape to enable detection of threats and remediation at scale no matter where your workloads are running.


Another area where Azure Hybrid services can really benefit IT operations is through the Azure Policy engine. Using Azure Arc, you can consistently apply and enforce configuration policies across systems both in Azure and on premises. This can ensure that your infrastructure remains in compliance with regulatory and security policies. This can also include automated patching using Azure Auto Manage.


Finally, Azure allows you to centralize your logging and performance metrics across your entire environment. Azure monitor agents can enable you to store event and audit logs in Azure as well as performance monitoring data. This can give you a single location to query logs, view performance data, generate alerts, automate remediation, and build reports. Sentinel also connects to this data for security analysis.

Azure Hybrid Tomorrow

Azure already has a pretty incredible set of tools and technologies to enable you to deliver cloud services to your organization from your own data center. Using these technologies can bring huge efficiency gains in your IT operations while also helping you to bolster your consistency and security. But the future looks even more promising! There are several exciting things on the roadmap for this year.

Azure Stack HCI Hardware

Microsoft announced at Ignite 2022 that they will offer their own hardware as a service for Azure Stack HCI that is ordered through the Azure Portal. This will enable organizations to order cluster nodes right from the Azure Portal on a monthly subscription model to enable Azure Hybrid services in their data center. This will also mean that there is on vendor for support for hardware, firmware, OS, and application/services. This hardware is already available for Azure Stack Edge which is a different experience that I’m not covering here, so I expect to see this soon.

Arc Enabled VM Management

Because of the integration between Azure Stack HCI and the Azure cloud, Microsoft has streamlined on premises virtual machine management by enabling VMs to be created and managed from Azure. This capability is in preview, but it is sort of the holy grail of VM management. You can deploy VMs to your on premises HCI cluster from the Azure Portal using Azure marketplace images or your own custom images. These VMs are then Arc enabled and you can perform management operations on them. You can start, stop, resize, and much more with your on premises VMs.

Arc Enabled Data Services

In addition to the data services mentioned above (AKS and SQL MI), Microsoft has several additional services in preview or announced. These are native Azure services coming to your data center. They are powered by Azure Stack HCI, AKS, and Azure Arc.

Azure App Service

One of Azure’s most popular services, Azure App Service, allows you to run web applications at scale without needing to manage the underlying web servers. Using AKS, it is already in preview to run App Services on your own infrastructure. I couldn’t be more excited about running web applications on a fully managed PaaS service, connecting to a fully managed SQL service on a fully managed HCI IaaS service.

Function Apps

Azure Functions run on the same platform as App Services, so it makes sense that these are coming along for the ride. Azure Functions on AKS are also in preview.

Logic Apps

Azure Logic Apps have the same story as Function Apps. Logic Apps on AKS are in preview and will allow you to build visual workflows and automations that will run on your own infrastructure.


Microsoft is working hard to containerize many more PaaS services to enable organizations to run them anywhere. This includes things like AI/ML services and more. Keep an eye out for more services.

Wrap Up

Wow, that is a lot of Azure Hybrid. Microsoft has clearly recognized that organizations will run their workloads on premises as well as in the public cloud for a long time to come. They are investing heavily to empower organizations to have a seamless and consistent management experience across these environments while also taking advantage of the latest cloud technologies anywhere. I recommend checking out the Arc Jumpstart site to get hands on with these technologies as well as reviewing the links I included above to the documentation for each service. I hope this consolidated view of Azure Hybrid was helpful. Keep an eye out for more posts about how to leverage the cloud to empower your organization.

Share this content: