What is Azure Red Hat OpenShift?
Azure Red Hat OpenShift (ARO) is a fully managed OpenShift service jointly operated by Microsoft and Red Hat. It combines the enterprise features of Red Hat OpenShift Container Platform with Azure infrastructure, providing a Kubernetes platform with built-in CI/CD, monitoring, and security capabilities. ARO delivers 99.95% SLA backed by both Microsoft and Red Hat.
Key Differentiators from AKS
While AKS provides vanilla Kubernetes, ARO includes integrated developer tools, an application catalog (OperatorHub), built-in container registry, Jenkins/Tekton pipelines, and enterprise support. Organizations running Red Hat Enterprise Linux workloads benefit from consistent tooling across on-premises and cloud environments.
Architecture
ARO clusters run on dedicated Azure VMs with master and worker nodes. The control plane is managed by Microsoft and Red Hat, handling upgrades, patching, and monitoring. Worker nodes run in your subscription, supporting custom VM sizes and disk configurations. Private clusters with Azure Private Link keep all traffic within Azure networks.
Developer Experience
The OpenShift web console provides a graphical interface for deploying and managing applications. Source-to-Image (S2I) builds containers directly from source code without writing Dockerfiles. OpenShift Pipelines (Tekton) provide cloud-native CI/CD. The Operator Framework automates application lifecycle management.
Security and Compliance
Security Context Constraints (SCCs) enforce pod security policies more strictly than standard Kubernetes. Built-in OAuth server integrates with Azure AD for authentication. Network policies with OpenShift SDN or OVN-Kubernetes control pod-to-pod communication. ARO has achieved FedRAMP High, SOC 2, and ISO 27001 certifications.
Migration Path
- Existing OpenShift workloads migrate with minimal changes using oc CLI
- Docker/Kubernetes workloads can deploy directly to ARO
- Use Azure Migrate for assessment and planning
Cost Considerations
ARO includes the OpenShift license in the compute price. A standard 3-worker-node cluster costs approximately $1,500-2,000/month depending on VM sizes. Annual commitments and Reserved Instances reduce costs by 30-50%. Compare total cost with separate AKS + OpenShift license scenarios.
Key Features and Capabilities
The following are the core capabilities that make this technology essential for modern cloud infrastructure:
Jointly Managed
Microsoft and Red Hat co-manage the control plane, providing 99.95% SLA with automated patching, upgrades, and monitoring requiring no customer Kubernetes expertise
OpenShift Developer Console
Web-based IDE experience with source-to-image builds, integrated Git workflows, topology visualization, and one-click deployment from source code repositories
Operator Framework
Red Hat certified operators from OperatorHub install production-grade databases, message queues, monitoring tools, and service meshes with lifecycle management
Built-In Security
Security Context Constraints (SCCs) enforce pod security baselines stricter than Kubernetes defaults, with integrated image scanning and signature verification
Red Hat Middleware
Optimized runtimes for JBoss EAP, AMQ Streams (Kafka), Data Grid, and 3scale API Management with Red Hat support and certified container images
Real-World Use Cases
Organizations across industries are leveraging this technology in production environments:
Enterprise Java Migration
A financial institution migrated 200 JBoss EAP applications to ARO, reducing operating costs by 40% while maintaining Red Hat enterprise support contracts
ISV Platform
A SaaS provider hosts customer workloads on ARO, using OpenShift namespaces for tenant isolation with network policies and resource quotas per customer
Hybrid Cloud Strategy
A retailer runs OpenShift on-premises for PCI-compliant workloads and ARO in Azure for customer-facing applications, with consistent tooling across both
CI/CD Platform
OpenShift Pipelines (Tekton) and GitOps (ArgoCD) provide standardized build-deploy-monitor workflows for 50 development teams across the organization
Best Practices and Recommendations
Based on enterprise deployments and production experience, these recommendations will help you maximize value:
- Choose ARO when your organization is invested in Red Hat ecosystem (JBoss, Ansible, RHEL) or needs Operator Framework and certified middleware
- Plan networking carefully: ARO requires a VNet with dedicated subnets for master (/27) and worker (/24) nodes with no other resources attached
- Use OpenShift GitOps (ArgoCD) from the start for declarative, auditable deployments — avoid manual oc apply in production environments
- Leverage Operator Framework for stateful services (PostgreSQL, Kafka, Elasticsearch) rather than Helm charts — operators handle backup, scaling, and upgrades
- Set resource quotas and limit ranges per namespace to prevent noisy neighbor problems in multi-tenant clusters
- Monitor cluster health through the built-in Prometheus and Grafana stack — create custom alerts for namespace-level resource saturation
Frequently Asked Questions
What is the difference between ARO and AKS?
ARO provides OpenShift experience with Red Hat operators, stricter security defaults (SCCs), web console, and joint Microsoft/Red Hat support. AKS is vanilla Kubernetes with Azure-native integrations, lower cost, and broader ecosystem flexibility. Choose ARO for enterprise Red Hat shops, AKS for cloud-native teams.
How much does ARO cost?
ARO pricing combines Azure VM costs plus OpenShift licensing at ~$0.35/hour for the cluster management fee. A typical 3-worker-node production cluster (D8s v3) costs approximately $2,500-$3,000/month. This includes Red Hat support and joint SLA, which would cost significantly more to self-manage.
Can I run Windows containers on ARO?
ARO supports Windows worker nodes (preview), enabling .NET Framework applications alongside Linux workloads. Windows nodes run as machine sets with Windows Server 2019/2022. However, Linux containers on ARO offer better performance and broader operator compatibility.
