AWS Outposts shaped by on-prem forerunner from Microsoft

AWS Outposts immediately drew comparison to Microsoft Azure Stack, but Amazon said it designed its service differently based on perceived weaknesses in the competition's offering.

LAS VEGAS -- AWS executives are quick to say they're more focused on customers than competitors, but the most high-profile release at the cloud provider's annual user conference was influenced by what it perceives as the shortcomings of its rival.

AWS Outposts is Amazon's latest and most emphatic effort yet to tap into the hybrid cloud market. The service, unveiled at re:Invent, brings packaged AWS servers into customers' private data centers, and it immediately drew comparisons to Microsoft Azure Stack. Details on the service are still limited, but there are already signs of notable distinctions between the two products. And, in a rare move, AWS specifically called out Azure Stack and the role it played in the design of Outposts.

"When we say we don't focus on the competition, we really don't. But we also don't ignore the competition," Matt Garman, vice president of compute services at AWS, said in an interview. "We want to learn from them."

Organizations that use Azure Stack have to manage and patch the servers, which is different from how they would operate on the public cloud. They also need to purchase custom hardware and deal with software and operational differences between the environments. For this reason, Garman said customers are not flocking to Azure Stack or similar on-premises products.

"They don't want to have to run the infrastructure themselves," he said. AWS Outposts does remove much of that hands-on management, which could be welcome to those more acclimated to the public cloud model, but worrisome to those familiar with more on-site control.

"If I'm a client and I have an appliance running in my data center or [colocation facility], I want some level of visibility," said Mike Dorosh, a Gartner analyst. "A pure black box may put off some clients."

When Microsoft first disclosed plans for Azure Stack in 2015, it was seen as the vendor's ace in the hole in its bid to catch AWS, which at the time resisted hybrid cloud support and lacked an on-premises relationship with enterprise clients.

But the on-premises version of Microsoft Azure went through a lengthy beta, and Microsoft was criticized when it shifted strategy to work with a handful of OEMs to require certain hardware specs. Microsoft has not released any sales figures for Azure Stack since it became generally available in 2017, but it's not believed to have taken off in the way some industry observers originally expected.

Early on, there were questions about whether Microsoft would achieve feature parity between the public and private versions of its cloud. Ironically, efforts to address those concerns may have hampered Azure Stack's success, according to industry observers. It can be difficult to link the two environments, partly because use cases for public cloud are often very different than what's needed on premises.

"[AWS] talks about serverless functions and massive web scale on demand. Well, you don't have that in an on-prem environment," said Grant Kirkwood, CTO at Unitas Global, a Los Angeles-based hybrid cloud provider that works with AWS and Microsoft. "You've got your 5,000 users, and they're inside your four walls and that's it. Trying to make complete feature parity would be a mistake, and there's not the use case there to support it."

AWS CEO Andy Jassy didn't specifically name any competitors when he discussed Outposts, but he alluded to some of these critiques when asked whether AWS eventually would make the full AWS suite of services available on Outposts.

"Folks that have [attempted full parity] have frustrated customers, and they just haven't gotten the traction that they wanted," he said in a press conference.

Services such as S3, Aurora and DynamoDB are distributed across multiple data centers for fault tolerance and performance, which is fundamentally different than what can be accomplished inside a managed service, such as Outposts, according to AWS. So, while AWS wants the services it does put on Outposts to look and feel just like they would on the public cloud, it doesn't appear the vendor plans to make every one of its services available inside customers' data centers.

"It just doesn't make sense scaled down to a single rack," Garman said. "It's not the design of those services."

When reached for comment, Microsoft said it "set, then raised, the bar in hybrid cloud computing with Azure Stack," though the company did not address any of the specific critiques of the product.

Outposts and Azure Stack differ in design and function

Outposts and Azure Stack appear to be designed for different purposes, Dorosh said. Whereas AWS Outposts will always be connected back to the cloud, Azure Stack was designed for organizations that have compliance demands that require a disconnected or semiconnected model.

Organizations might eventually use Outposts as more of an edge device, similar to AWS Snowball, to pre- or post-process data that's sent back to the cloud, Dorosh said.

Outposts are geared toward workloads that, because of latency concerns, require local compute power. It's more likely to work with services that can maintain the same feel as they have in the public cloud, such as Amazon Relational Database Service or Elastic Block Store for snapshots.

There are several hundred Azure Stack implementations today, but the product mostly serves as a way for Microsoft to get its foot in the door with enterprises that are hesitant about a move to the cloud, Dorosh said. It starts a conversation that gives Microsoft a better sense for customers' actual needs and whether the public cloud could better address them. Ultimately, Outposts may serve the same role for AWS, he added.

Customers will link Outposts to their AWS accounts with the same VPC or Direct Connect, and they'll use the same control plane, APIs, identity and access management roles, and CloudFormation templates. Any services AWS adds to Outposts will work the same, whether they're on premises or in the public cloud, Garman said.

Security will be primarily addressed through the use of AWS' Nitro system, which doesn't rely on the traditional virtualization control plane to manage servers through a single trusted VM. There is no trusted domain on the Outpost servers, and users will access the service through APIs that talk to instances through an encrypted Nitro card.

Of course, things could change between now and when Outposts are expected to be available in 2019, and there are plenty of unanswered questions, including how much the service will cost. AWS has no track record of managing customers' servers outside its own facilities, and there are no hardware or software specs available to fully assess the product's viability. So, it remains to be seen if AWS' perceptions of lessons learned translate to success in yet another piece of the IT market.
