It's possible to build your own cloud, and vendors are working to make it easier

An accurate definition of the term "hybrid cloud" should focus on seamless application deployment for both the public and private cloud. A public cloud would be any of the primary vendors offering cloud-based services, including Amazon, Google, and Microsoft. While there may be a few more companies offering public cloud services, the majority of the market is shared among the big three. Of those three, only Microsoft offers its customers a true mirror image of their Azure product for installation on site.

The real issue at hand is actually nothing new. It basically boils down to how you want your meal. Microsoft offers a smorgasbord in a box, which looks just like what you can get at your favorite all-you-can-eat buffet. OpenStack, on the other hand, offers the basic ingredients plus a gourmet cookbook, and you can make whatever you'd like. While the analogy doesn't completely fit, it does paint a picture of buy versus build. OpenStack is software, and you can get a packaged solution from vendors like Red Hat and SUSE. You still need hardware to run that software, and somebody to put it all together.

With OpenStack, you lack the public cloud functionality. While many of the primary features of OpenStack can be found in all of the big three public cloud providers, you still don't have the compatibility offered in Azure and Azure Stack. The question then becomes: Do you really need it? Not every application or use case requires identical features. For some industries, such as telco providers, you need that lower-level access to specific pieces, like the software-defined network layer, to build out your solutions.

Cost is a potential issue for some customers. Microsoft charges for Azure Stack in much the same way it charges for public Azure. This pay-as-you-go concept works well for many scenarios but could become cost prohibitive in some cases. In most instances, you pay a fixed price for OpenStack on a one-time basis, plus any support fees beyond the initial purchase. That doesn't include any additional hardware purchases required to run the software.

Taking the Microsoft Azure Stack private

When you take a close look at Microsoft's Azure Stack, you see an offering that is highly consistent with its public Azure platform. While the two products are not totally feature-aligned, they are completely compatible for those features available on both. This is intended to provide predictability for a local data center, where you get the same user experience as well as the exact same environment to run applications.

With general availability reached in late September 2017, the initial release of Microsoft Azure Stack is offered as a hardware and software solution from Cisco, Dell, Hewlett Packard Enterprise, and Lenovo. Microsoft focused on delivering a complete solution in partnership with its OEM suppliers with the goal of enabling the stack to be delivered and fully functional in under a week. Coupling that with the new pricing model based on usage, Microsoft customers can reduce their capital expenditures and better manage their operating expenses.

Azure Stack delivers both infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) functionality on par with the Azure cloud offering. From an IaaS perspective, Azure Stack provides all the basic features needed to stand up orchestrated applications built on top of virtual machines, networking, and storage. Microsoft defines Iaas as "an instant computing infrastructure, provisioned and managed over the Internet." In the case of Azure Stack, this would be over a corporate network, but the basic concept remains the same. The one significant missing piece in the initial release is support for containers, but that's near the top of the list for updates.

From a PaaS perspective, the initial release of Azure Stack has a small fraction of the services offered by the Azure cloud offering. What's there includes support for APIs, mobile, and web apps, plus SQL database as a service. At this time, you won't find any explicit Internet of Things support or big data analytics. It remains to be seen if Microsoft will push all of those services down to Azure Stack. In the meantime, it is possible to build and deploy real-world applications using the services that are available.

What it takes to deliver Azure-consistent services from your data center. Read the whitepaper

Using the open source OpenStack to build your private cloud

The OpenStack project was started in 2010 with NASA and Rackspace as the two primary participants. It was designed from the beginning as an open cloud architecture. NASA later dropped out, but since that time, OpenStack has seen a number of vendors, including Red Hat and SUSE, deliver commercially supported products based on the OpenStack distribution. ZeroStack is one company with a hosted OpenStack offering, and Rackspace is another.

Red Hat also offers OpenShift for container orchestration and is the key component of its PaaS strategy. OpenShift is based on Kubernetes and uses Docker as the primary container execution mechanism. An interesting note here is that Red Hat and Microsoft have partnered to bring OpenShift to the Azure cloud. Kubernetes is another supported tool for orchestrating containers on the Azure cloud.

Another big vendor to offer a supported OpenStack product is Dell EMC and its VMware Integrated OpenStack offering. This product uses the Heat orchestration component to manage the infrastructure portion of deployment. It also supports software configuration management using Puppet and Chef. Programmatic access to the platform uses the OpenStack-native REST API.

It's interesting to note that many of the core capabilities inherent to OpenStack can be found on Azure. While Microsoft hasn't made any public statements on which services will be made available on Azure Stack, it's safe to assume that many, if not all, will eventually make their way to the platform.

Security considerations

Microsoft designed Azure Stack with security as a primary design criterion, based on two principles: assume a breach, and hardened by default. At the hardware level, it expects secure boot, UEFI, and TPM 2.0. This helps explain the rationale behind the company using certified vendors and its hardware as the foundation for the Azure Stack offering. Azure Stack also encrypts data at rest using BitLocker and in transit using TLS 1.2. All encryption certificates are self-managed by the infrastructure.

Azure Stack disables legacy protocols, removes unused components, and adds the Windows 2016 security features Credential Guard, Device Guard, and Windows Defender. It also implements the strictest hardening guidelines provided by the U.S. Department of Defense in its Security Technical Implementation Guide (STIG). All interaction between components happens over well-known ports, and the rest are locked down.

Both Red Hat and SUSE provide validated and verified applications to complement their OpenStack products. They also have DOD STIG procedures for their operating systems, although the hardening steps must be implemented once the operating system is installed. While both platforms provide the mechanism to implement constrained administration credentials, Azure Stack takes the concept to the extreme to include all service endpoints.

The bottom line here is Microsoft Azure Stack comes hardened for security purposes; you must either implement a set of security hardening procedures for Red Hat or SUSE Linux yourself or have someone do it for you.

Application development on your private cloud

Anyone paying attention to the application development world lately has heard the expression "cloud-native applications." A Linux Foundation project, the Cloud Native Computing Foundation, defines a cloud-native application as being container packaged, dynamically managed, and microservices oriented.

One of the key pieces of the puzzle centers around microservices. Microservices encourages the concept of writing smaller functional applications that can be connected to build out a complete application. It might involve individual services to manage authentication, database transactions, logging, and more. With individual components handling separate functions, it makes it easier to scale applications; you increase the resources associated with those under the heaviest load.

This application paradigm is essentially the same regardless of the platform. Microsoft has been pushing the concept of cloud-native applications for some time, and it offers a complete set of tools from its Visual Studio integrated development environment to the new open source Visual Studio Code editor. Visual Studio Code is itself extensible through the use of plugins and has a significant number of supported languages plus support for building containerized applications.

Bottom line

So which product is the best for your private cloud deployment? The answer, as with many other IT options, it depends. If you're looking for a tightly controlled and managed offering with deep ties to the Microsoft ecosystem, your choice is pretty simple: Azure Stack. If you want more of a roll-your-own solution, and you're willing to put in the effort to get it done, then OpenStack might be more appealing.

At first glance, it might look like OpenStack offers a more cost-effective solution. But that might not be a good assessment in the long run. Unless you have a team of open source experts familiar with the components that make up OpenStack, you'll be looking at either an outside vendor providing those resources or training your staff. Either way, it would be a significant investment.

Azure or Open Stack: Lessons for leaders

First, you must decide whether you want a complete, in-the-box solution or to roll your own.

If you are already a Microsoft shop, Azure provides a seamless extension.

A commitment to Linux in the data center would tend to suggest OpenStack with a vendor support contract.

Related links:

HPE announces the next generation HPE ProLiant for Microsoft Azure Stack

Protect Microsoft Azure with HPE data protection solutions

Another new royal arrival: HPE ProLiant for Microsoft Azure Stack (Gen 10)

Microsoft announces Windows Server 2019!

Cloud or on prem? With HPE GreenLake for SAP HANA, the answer is “yes”

Companies around the world are choosing HPE ProLiant for Microsoft Azure Stack