
Azure & VMware - A Discussion with Shannon Kuehn
Chris is joined by Shannon Kuehn, a Senior Cloud Advocate at Microsoft, for an accessible deep dive into Azure VMware Solution (AVS) — the dedicated VMware platform hosted within Azure datacentres.
What’s covered:
- What Azure VMware Solution is: dedicated bare metal nodes running vSphere, ESXi, vCenter, vSAN, and NSX-T inside Azure
- Why organisations on VMware on-premises choose AVS over re-platforming — meeting infrastructure teams where they are
- The AVS architecture: dedicated address space (/22 CIDR), ExpressRoute circuit, and peering into an Azure VNet to unlock integrations
- Networking prerequisites: ExpressRoute Global Reach, BGP routing, and site-to-site VPN as an alternative during setup
- HCX (Hybrid Cloud Extension): site pairings, tunnels, and live vMotion for zero-downtime VM migration from on-premises to Azure
- HCX Advanced (3 site pairings) vs. HCX Enterprise (up to 10 site pairings) licensing
- Azure integrations unlocked by AVS: Azure Security Center, Azure Active Directory, Application Gateway, API Management, and PaaS services via VNet injection
- Infrastructure as Code with Bicep and ARM templates for AVS deployments
- Pricing, regional availability, the AV36 SKU, and the capacity-management subscription whitelisting process
- How Azure ExpressRoute Global Reach pricing reductions are improving the economics of migration
Ideal for infrastructure engineers, cloud architects, and VMware administrators exploring modernisation paths to Azure without a forklift migration.
Related Content
28 - Intro to Landing Zones
What exactly is an Azure Landing Zone, and why does every cloud architect keep talking about it? In this episode, Chris Reddington is joined by Karim Fahmy — an Azure Solutions Architect with over 12 years of IT experience — to demystify Azure Landing Zones and their place within the Cloud Adoption Framework. Learn how landing zones provide the structured foundation covering networking topology, identity, governance, subscriptions, and security that your workloads need to succeed in the cloud. The episode also covers Azure Blueprints, Terraform automation, and real-world strategies for incrementally building and evolving your cloud foundation over time.

23 - Gatekeeper and Valet Key Patterns - Secure your APIs and Resources
Continuing the 'Architecting for the Cloud, one pattern at a time' series, Chris and Peter Piper explore two closely related cloud design patterns for securing APIs and backend resources. The Gatekeeper pattern positions a dedicated host between untrusted clients and trusted backend services — handling authentication, authorization, request validation, protocol translation, and rate limiting. The Valet Key pattern complements it by issuing short-lived, scope-restricted tokens (such as Azure SAS tokens) so clients can access specific resources directly, reducing load on central services without sacrificing security. The episode covers practical implementation options on Azure including API Management, Azure Key Vault, and Azure App Configuration.

14 - The Deployment Stamps Pattern
The Deployment Stamps pattern is a powerful cloud architecture approach for scaling, resilience, and multi-tenancy. In this episode, Chris Reddington is joined by John Downs — who contributed the pattern to the Azure Architecture Center — to explore how stamping out independent copies of your application stack across regions enables geographic distribution, data sovereignty, isolated failure domains, and deployment rings for staged rollouts. Discover when to use this pattern, how Azure itself relies on it internally, and the key considerations around request routing, cross-stamp querying, and disaster recovery planning.