Active Directory: Microsoft Azure’s Secret Weapon

In “Public Cloud Computing—Economics and Throats to Choke,” we pointed out that among the big four cloud vendors (Amazon, Google, Microsoft, and VMware), only one vendor offers both a complete on-premises offering and a public cloud offering and, at the same time, has complete technical and economic control of its software stack. That vendor would be Microsoft. In the post, we pointed out that Microsoft was in the unique position of being able to leverage its massive on-premises installed base to feed its cloud business.

The History of Microsoft Azure

When Microsoft launched Azure, it was initially just a PaaS cloud that focused on running .NET applications. Microsoft quickly discovered that the IaaS cloud business was much larger than the PaaS business, and that with .NET they had just a tiny fraction of the PaaS business. In April of last year, Microsoft announced the general availability of the Azure IaaS offering. At this point, you could run any Linux or Windows workload on Azure, and Microsoft was poised to give Amazon a run for its money. In “Microsoft Continues to Take Great Strides Forward,” we reported that Microsoft was in second place, behind Amazon Web Services (AWS), in a survey of developers that asked where they would put their newly developed cloud-based applications.

This was great progress on the part of Microsoft. It meant that Microsoft was competing effectively in the business of capturing net new deployments of applications to clouds. This is critically important to the long-term future of Microsoft. Why? Because if you are not capturing your share of the new, over time your share of everything will deteriorate, and you will become just another legacy vendor with an installed base to milk for maintenance.

One has to wonder whether this was done on purpose. Did someone high up at Microsoft make a very strategic decision to first go after the new business that was going to Amazon, and only later target Microsoft’s own on-premises installed base? If so, this was a very strategic and very unusual decision. Most companies in such a position would first attempt to bring their existing customers into the new world and then, only after that is done, to target the net new world. But the flaw in that strategy is that if you focus your energies on your installed base, the net new market can run away from you while you are doing that.

So, whether by virtue of some excellent strategic planning or by virtue of luck, Microsoft has gotten itself into a very interesting position. It is capturing its share of the net new cloud deployments, and it still has an on-premises customer base estimated at over 2.5 million customers.

Leveraging Active Directory to Grow Azure

What would it take for Microsoft to entice its customers running Windows and Windows applications to move over to Azure? The first step is to take nearly all of the pain out of that process. This is where Active Directory comes into play. It turns out that most of Microsoft’s customers use Active Directory to authenticate users and thereby grant them access to applications.

Now, this is where things get interesting. According to a post on the Active Directory Team Blog, Microsoft has a preview available that allows developers to build directory-aware applications. The second phase of this preview will, as the blog explains:

Enable organizations to move their applications to the cloud. Seamlessly synchronizing on-premises schema extensions to Azure AD will allow organizations to leverage investments in on-premises applications as they move to the cloud.

Therefore, it appears that Microsoft is about to resolve the previous incompatibilities between the on-premises Windows Active Directory and the Azure Active Directory. When Microsoft does this, it should then become possible for an on-premises customer running Windows and Windows applications to move those applications to Azure without any impact upon the users and, in fact, without the users even knowing that it has occurred.

Implications for VMware

Right now, VMware does not have a public cloud strategy. If you want to migrate workloads running on vSphere into a true public cloud, your best option is to use Hotlink’s Hybrid Express solution, which will both migrate your VMs over into Amazon and then let you manage them from within vCenter. This is a great solution for the customer, but it represents a real problem for VMware, as each migration constitutes the loss of a workload and ultimately the need for fewer vSphere licenses.

If Microsoft makes it really easy to move both Windows and Linux workloads to Azure, then this opens up an entirely new competitive threat to VMware, because it creates an incentive for customers to migrate on-premises workloads to Hyper-V. This will in turn make it easy to migrate the same workloads to Azure. The bottom line is that the intensity of the competition between VMware and Microsoft is only going to increase.

The only thing that VMware can do about this is to pursue an Azure strategy of its own. That means building its own data centers and running its own software in those data centers without involving third-party cloud operators either technically or financially. This would be a huge change for VMware, but it is probably a necessary one for its long-term survival.

Implications for Amazon

If Microsoft does indeed make it seamless to migrate workloads back and forth between on-premises environments and Azure, it will put into sharp relief Amazon’s lack of a credible on-premises (private cloud) or even hybrid cloud offering. Customers like choices, and they especially like the flexibility to make choices on a case-by-case basis without going through pain and expense. Amazon’s “public cloud only” approach may start to look weak and limiting in contrast to the flexibility that Microsoft offers.

Amazon is just going to have to decide if it is going to bite the bullet and create a version of its software that can be deployed on premises. The reasons for not doing this (agility and cost of just supporting its own instances) pale in comparison to the need to compete effectively with Microsoft.


Microsoft is going to make it easy to migrate on-premises workloads to Azure through Active Directory. This will force VMware to build a true public cloud and Amazon to offer an on-premises version of its software.