Demystifying Azure VMware Solution: From Implementation to Workload Migration – Part 2

Deep Dive into the AVS Architecture

Introduction

In a hybrid cloud strategy, a robust and resilient infrastructure is paramount to ensure that mission-critical workloads remain highly available and performant. Azure VMware Solution (AVS) enables organisations to seamlessly run their VMware-based workloads on Azure’s dedicated infrastructure. By integrating proven VMware technologies such as vSphere, vSAN, NSX, and vCenter with Azure’s global networking and security capabilities, AVS supports a truly hybrid environment that delivers enterprise‑grade reliability.

In this post, we’ll take an in-depth look at the AVS architecture. We’ll break down the core components that make up AVS, explain how they work together to deliver high availability and resiliency, and examine how Azure’s SLAs for AVS are derived from its underlying architecture.

Deep Dive into the AVS Architecture

Azure VMware Solution brings together a robust set of VMware tools with Azure’s scalable, managed infrastructure. Let’s explore the key components:

Dedicated Hosts and Clusters

  • Dedicated Hosts:
    Reserved physical servers whose exclusive use is allocated for your workloads. This not only ensures isolation and predictable performance but also simplifies compliance and security.

  • Clusters:
    Multiple dedicated hosts are organised into clusters that distribute workloads across several machines. This clustering provides inherent redundancy—if one host fails, the remaining hosts can continue supporting the application.

VMware Core Components

  • vSphere:
    The virtualisation platform that manages the creation and operation of Virtual Machines.

  • vSAN:
    A software-defined storage solution that pools local storage across hosts to form a distributed datastore, ensuring data is resilient by replicating across multiple hosts.

  • NSX:
    The network virtualisation layer that provides advanced networking features such as micro-segmentation, load balancing, and dynamic routing.

  • vCenter:
    The centralised management console that administers the entire VMware environment and integrates with Azure’s management tools.

Integration with Azure Virtual Networks and On-Premises Environments

AVS connects seamlessly to Azure Virtual Networks, extending your on‑premises network into Azure. This integration enables secure communications across environments, supporting both VPN Gateways and ExpressRoute. It allows you to protect data flows with policies, Network Security Groups, and firewalls while ensuring operational continuity.

High-Level AVS Architecture Diagram

Below is a high-level diagram that illustrates the key components of the AVS architecture:

[Figure: AVS Hub and Spoke Architecture]

The architecture has the following main components:

  • On-premises site: Customer on-premises datacenter(s) connected to Azure through an ExpressRoute connection.
  • Azure VMware Solution private cloud: Azure VMware Solution Software-Defined Data Center formed by one or more vSphere clusters, each one with a maximum of 16 hosts.
  • ExpressRoute gateway: Enables the communication between Azure VMware Solution private cloud, shared services on Hub virtual network, and workloads running on Spoke virtual networks via an ExpressRoute Connection.
  • ExpressRoute Global Reach: Enables the connectivity between on-premises and Azure VMware Solution private cloud. The connectivity between Azure VMware Solution and the Azure fabric is through ExpressRoute Global Reach only.
  • S2S VPN considerations: Connectivity to Azure VMware Solution private cloud using Azure S2S VPN is supported as long as it meets the minimum network requirements for VMware HCX.
  • Hub virtual network: Acts as the central point of connectivity to your on-premises network and Azure VMware Solution private cloud.
  • Spoke virtual network
    • IaaS Spoke: Hosts Azure IaaS based workloads, including VM availability sets and Virtual Machine Scale Sets, and the corresponding network components.
    • PaaS Spoke: Hosts Azure PaaS services using private addressing thanks to Private Endpoint and Private Link.
  • Azure Firewall: Acts as the central piece to segment traffic between the Spokes and Azure VMware Solution.
  • Application Gateway: Exposes and protects web apps that run either on Azure IaaS/PaaS or Azure VMware Solution virtual machines (VMs). It integrates with other services like API Management.
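The Azure Firewall segmentation point described above only works if spoke traffic to AVS is actually steered through the firewall rather than straight to the hub's ExpressRoute gateway. The Bicep below is an added example, not code from the original post or from Microsoft: it defines a firewall policy rule collection that permits only HTTPS from the IaaS spoke to an AVS workload segment, and a spoke route table that forces that traffic through the firewall. The policy name, firewall private IP and all address ranges are constructed placeholders.

```bicep
// Added example (not from the original post). Names, the firewall private IP
// and all address prefixes are constructed placeholders; substitute your own.
param location string = resourceGroup().location
param firewallPolicyName string = 'fwpol-hub'      // assumed existing hub policy
param firewallPrivateIp string = '10.0.1.4'        // constructed
param iaasSpokePrefix string = '10.10.0.0/16'      // constructed IaaS spoke range
param avsWorkloadPrefix string = '10.100.0.0/16'   // constructed NSX workload segment

resource fwPolicy 'Microsoft.Network/firewallPolicies@2023-05-01' existing = {
  name: firewallPolicyName
}

// Explicit allow list; anything not matched falls to Azure Firewall's implicit deny.
resource spokeToAvs 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-05-01' = {
  parent: fwPolicy
  name: 'rcg-spoke-to-avs'
  properties: {
    priority: 200
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-iaas-spoke-to-avs-web'
        priority: 100
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'https-only'
            ipProtocols: ['TCP']
            sourceAddresses: [iaasSpokePrefix]
            destinationAddresses: [avsWorkloadPrefix]
            destinationPorts: ['443']
          }
        ]
      }
    ]
  }
}

// Without this UDR the spoke's peering to the hub (useRemoteGateways) sends
// AVS-bound traffic directly to the ExpressRoute gateway, bypassing the firewall.
resource spokeRoutes 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-iaas-spoke'
  location: location
  properties: {
    routes: [
      { name: 'avs-via-firewall', properties: { addressPrefix: avsWorkloadPrefix, nextHopType: 'VirtualAppliance', nextHopIpAddress: firewallPrivateIp } }
    ]
  }
}
```

Associate the route table with the spoke workload subnets, and add a matching route on the hub's GatewaySubnet (spoke prefix, next hop the firewall) so return traffic from AVS takes the same path and the firewall sees both directions of each flow.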

Achieving High Availability and Resiliency

The interplay among these components delivers enterprise‑grade resiliency:

  • Redundancy:
    Clustering dedicated hosts minimizes the risk of a single point of failure. Should one host or zone experience issues, another can take over without service disruption.
  • Integrated Management:
    vCenter provides the centralised control necessary to monitor and manage the environment, while Azure Virtual Networks facilitate secure hybrid connectivity.
  • Data Protection:
    vSAN ensures that data is distributed and replicated across hosts, providing durability even when individual components fail.
  • Network Resiliency:
    NSX offers dynamic networking and advanced security, ensuring that network connectivity is maintained even under adverse conditions.

Together, these elements underpin AVS’s ability to achieve the high SLAs promised by Azure.

Conclusion

A deep understanding of the underlying architecture is critical to leveraging Azure VMware Solution effectively. AVS seamlessly integrates key VMware technologies with Azure’s robust infrastructure, delivering enhanced availability, resiliency, and security for your hybrid workloads. By deploying dedicated hosts in clusters, utilising vSphere, vSAN, NSX, and vCenter, and integrating with Azure Virtual Networks for hybrid connectivity, organisations can design environments that meet the rigorous SLAs demanded by modern enterprise applications.

In our next instalment, we will discuss the initial implementation phase and provide a step‑by‑step guide to setting up your first AVS environment. Stay tuned as we continue our journey from deployment to workload migration.
