Azure Stack Hub Pricing and Features: Run Apps in an On-Premises Environment
Azure Stack Hub is an integrated hardware and software system that extends Azure services into your own datacenter, enabling you to build and run cloud applications in an on-premises environment. It delivers a consistent Azure experience with the same APIs, tools, and portal used in the public cloud while keeping data and workloads under your physical control. EPC Group has implemented Azure Stack Hub for government agencies, defense contractors, and financial institutions where data sovereignty and air-gapped operations are mandatory requirements.
Overview of Azure Stack Hub
Azure Stack Hub is a full Azure cloud platform delivered as an integrated system from Microsoft hardware partners. Unlike Azure Stack HCI, which focuses on virtualization and hyperconverged infrastructure, Azure Stack Hub provides a complete Azure resource provider experience including App Services, Azure Functions, Kubernetes, SQL databases, and Azure Marketplace resources—all running in your datacenter.
The platform is available in connected mode (continuous Azure connectivity) and disconnected mode (air-gapped for classified or highly regulated environments). This makes it the only Azure hybrid offering that supports fully disconnected operations, which is critical for military, intelligence, and certain financial compliance scenarios.
- Consistent Azure APIs: Use the same ARM templates, SDKs, and CLI commands as public Azure
- Self-service portal: Tenants provision resources through a familiar Azure portal experience
- Multi-tenant architecture: Support multiple departments or customers with isolated subscriptions
- Disconnected operation: Full functionality without internet connectivity for air-gapped environments
- Azure Marketplace: Access a curated set of marketplace items including VM images, extensions, and solution templates
Key Features
- IaaS: Windows and Linux virtual machines with availability sets and scale sets
- PaaS: App Service (Web Apps, API Apps, Functions), Azure Kubernetes Service, Event Hubs
- Data services: SQL Server resource provider, MySQL resource provider, and Azure Storage (blob, table, queue)
- Networking: Virtual networks, load balancers, VPN gateways, and network security groups
- Identity: Azure AD and AD FS support for authentication and RBAC
- Security: Encrypted data at rest, TLS in transit, key vault for secrets management
- Operator portal: Separate administration portal for capacity management, quotas, and billing
- Update engine: Microsoft-delivered update packages applied through a controlled process
- Usage tracking: Metering and usage reporting for chargeback and billing scenarios
Pricing Tiers
Azure Stack Hub pricing includes two components: the hardware investment from your OEM partner and the Azure software subscription fees.
Hardware (Capital Expenditure)
- Integrated systems from Dell, HPE, Lenovo, Cisco, and Huawei
- Minimum 4-node configuration; scales to 16 nodes per scale unit
- Starting price varies by OEM and configuration (typically $200K+ for entry-level systems)
- Includes server hardware, networking, and rack infrastructure
Pay-As-You-Use Model (Connected)
- Billed through your Azure subscription based on actual resource consumption
- VM pricing comparable to Azure public cloud rates (varies by size)
- App Service, Azure Functions, and other PaaS services billed per-instance
- Storage billed per GB stored
Capacity Model (Disconnected)
- Annual per-core licensing fee for disconnected/air-gapped environments
- Fixed cost regardless of resource consumption
- No Azure connectivity required for billing
- Enterprise Agreement required
Enterprise Use Cases
- Government classified workloads: Air-gapped Azure Stack Hub in IL5/IL6 environments for defense and intelligence agencies
- Financial services: Data sovereignty requirements that mandate on-premises processing with Azure-consistent development tools
- Healthcare: PHI processing on-premises with the ability to use Azure PaaS services without data leaving the facility
- Edge locations with latency requirements: Factory floors, offshore platforms, or remote sites that need local cloud services
- Service provider hosting: Multi-tenant Azure environments for managed service providers offering IaaS/PaaS to customers
- Application modernization: Lift-and-shift on-premises apps to Azure Stack Hub as a stepping stone to full cloud migration
Integration with Other Azure Services
- Azure DevOps: CI/CD pipelines that deploy to both Azure Stack Hub and public Azure from the same codebase
- Azure Active Directory: Unified identity and access management across cloud and on-premises
- Azure Monitor: Centralized monitoring and alerting when connected to Azure
- Azure Security Center: Threat detection and security posture management for connected deployments
- Azure Site Recovery: VM replication between Azure Stack Hub and public Azure for disaster recovery
- Azure Backup: Backup Azure Stack Hub VMs and data to Azure Recovery Services vaults
- Azure Key Vault: Consistent secrets management across hybrid environments
Best Practices for Enterprise Deployments
- Plan capacity carefully: Azure Stack Hub hardware is a significant investment; model workloads before selecting node count and specs
- Design for multi-tenancy: Use plans, offers, and quotas to manage resource consumption across departments or customers
- Establish update cadence: Microsoft releases monthly updates; plan maintenance windows and test in a dev environment first
- Implement chargeback: Use the built-in usage API to track consumption and charge back to business units
- Build hybrid CI/CD: Design deployment pipelines that target both Azure Stack Hub and public Azure for portability
- Plan for disconnected scenarios: If using disconnected mode, establish processes for offline updates and marketplace syndication
- Secure the operator environment: Limit access to the operator portal, hardware lifecycle host, and privileged endpoint
- Document disaster recovery: Plan for hardware failures, site recovery, and complete rebuild scenarios
Why Choose EPC Group for Azure Stack Hub
EPC Group's 28+ years of enterprise Microsoft consulting includes deep expertise in hybrid cloud architectures and on-premises Azure deployments. We have designed and deployed Azure Stack Hub solutions for government agencies requiring air-gapped operations, healthcare organizations processing PHI on-premises, and financial institutions with strict data residency requirements.
Our team handles the complete lifecycle from initial capacity planning and OEM hardware selection through deployment, application migration, and ongoing operations. We work with your security and compliance teams to ensure Azure Stack Hub meets your organization's regulatory requirements, whether that is HIPAA, FedRAMP, SOC 2, or DoD IL5/IL6.
Ready to Deploy Azure Stack Hub?
Contact our hybrid cloud architects for a free assessment of your on-premises Azure requirements. We will evaluate your workload profile, compliance needs, and connectivity constraints to recommend the optimal Azure Stack Hub configuration.
Frequently Asked Questions
What is the difference between Azure Stack Hub and Azure Stack HCI?
Azure Stack Hub is a complete Azure cloud platform running in your datacenter with IaaS, PaaS, and marketplace services. Azure Stack HCI is a hyperconverged infrastructure OS focused on running VMs and containers. Choose Hub when you need Azure PaaS services or disconnected operations; choose HCI when you need modern virtualization with Azure management.
Can Azure Stack Hub run completely disconnected from the internet?
Yes. Azure Stack Hub is the only Azure hybrid solution that supports fully air-gapped operation. In disconnected mode, you manage the environment entirely through local tools, apply updates via offline packages, and use the capacity pricing model. This is the deployment model used by defense and intelligence agencies for classified workloads.
What Azure services are available on Azure Stack Hub?
Azure Stack Hub supports VMs (Windows and Linux), Azure App Service (Web Apps, API Apps, Functions), Azure Kubernetes Service, Event Hubs, Key Vault, Storage (blob, table, queue), SQL and MySQL database resource providers, and virtual networking. The service catalog is smaller than public Azure but covers the core IaaS and PaaS capabilities most enterprises need.
How is Azure Stack Hub updated and maintained?
Microsoft releases monthly update packages that include security patches, bug fixes, and new features. Operators apply updates through the administration portal or PowerShell. Updates are applied node by node with automatic rollback if issues are detected. For disconnected environments, update packages are downloaded separately and applied via offline media.
Is Azure Stack Hub FedRAMP certified?
Azure Stack Hub inherits Azure's FedRAMP High authorization for the software components. However, achieving full FedRAMP compliance for your deployment also depends on the physical facility, operational procedures, and configuration. EPC Group has experience helping government agencies achieve and maintain FedRAMP compliance for Azure Stack Hub deployments.