Is cloud storage more expensive than hardware?  Probably not.

Recently I’ve been hearing a lot of “the cloud is too expensive” and “hardware is a better deal,” which really makes me want to pontificate. Total cost of ownership is never easy to calculate, and it’s understandable why cloud pricing can feel shocking when it’s presented as a simple monthly number. But when we break down what organizations pay for—whether they realize it or not—the comparison becomes far more nuanced.  Hoping to demystify the cost comparison, I’ve written this post for infrastructure and IT leaders who are asked to justify cloud storage costs against traditional hardware purchases.

You Pay for What You Control

Cloud storage often looks expensive because it exposes costs that on‑premises environments quietly hide. When you compare total cost of ownership—not just raw capacity—the story changes.

Let’s start with a simple analogy, taken from a familiar example: pizza. Making pizza at home, picking it up partially prepared, ordering delivery, or dining out all result in the same end product—but the cost structure and responsibility change dramatically. Some options give you maximum control, others trade that control for convenience, consistency, and predictability. Infrastructure works the same way.

The yellow boxes are not only managed by the customer, but paid for by the user.  This means you have the control over the item – brand, size, age, price, makeup, etc.  It’s the ultimate ability to customize, but it comes with a lot of management overhead.

Figure 1- https://pragmaticworks.com/blog/this-week-in-data-pizza-and-the-cloud

The cloud isn’t expensive because it’s inefficient; it’s expensive because it bundles costs that on‑premises environments often hide, underestimate, or defer. Hyperscalers also purchase hardware in huge volumes giving them steep discounts.  To see why, we need to look beyond hardware alone and examine what we’re really paying for.

Now let’s apply this to Azure NetApp Files (ANF).  Azure NetApp files is a PaaS storage service.  With ANF, teams no longer manage storage firmware, controller upgrades, hardware refresh cycles, performance tuning under failure scenarios, or capacity planning against physical constraints.

And this table isn’t complete, it should also include:

  • Electricity (40-60% of the total cost of a data center)
  • Cooling – Chillers, HVAC, and/or liquid cooling for high-performance systems
  • Labor – Network operations, server operations, facilities maintenance, cleaners
  • Network equipment
  • Uninterrupted Power Supplies
  • Security Systems and staff
  • Generators + Fuel
  • Fire suppression systems
  • Building rental + Parking
  • Building out a data center – raised floors, additional power, etc.

In infrastructure terms: availability engineering, performance headroom, patching, lifecycle management, and incident response need to be considered —they’re either handled explicitly or quietly absorbed by your team.

1yr TCO

Once you account for those operational realities, the cost comparison becomes less theoretical. Let’s look at what this actually means for a typical 100TB deployment.  On-premises, your costs would look something like this:

Total Estimated First‑Year Cost for 100TB SAN/NAS

Now this is a large range, but that range isn’t a weakness of the estimate—it’s a reflection of how unpredictable on‑premises storage economics are once utilization, growth, and failure scenarios are considered.

Now compare that to Azure NetApp Files (ANF) which offers predictable pricing.

Total Estimated First‑Year Cost for 100TB ANF, East US

5yr TCO

With hardware, you must buy a large enough device to last the lifespan of the hardware.  Let’s consider a customer who starts with 100TB, grows 20% a year, and is comparing hardware and ANF to host their storage.

But realistically, since storage moves from cool to hot in a matter of seconds, most customers end up tiering 75%-80%!  Let’s look at the numbers with 75% tiered to cool.

The tables above show that ANF can be more expensive, but more likely it will be cheaper than hardware.  Additionally instead of paying up front you pay monthly giving you more flexibility should growth rates change.

Conclusion

When people claim that cloud storage is more expensive than hardware, they’re often not wrong in a narrow, line‑item comparison. But that comparison rarely reflects equivalent costs. On‑premises storage absorbs power, cooling, facilities, labor, maintenance, and operational risk in ways that are difficult to quantify—and very easy to overlook. Cloud pricing, by contrast, makes those costs explicit.

When you factor in the full operational footprint, services like Azure NetApp Files stop looking disproportionately expensive and start looking predictable. That predictability—along with reduced operational burden and faster time to value—is what organizations are actually buying. The question, then, isn’t whether cloud storage costs more than hardware. It’s whether organizations are comparing the same thing at all.

For technical teams, this isn’t just a pricing discussion—it’s a decision about where operational complexity should live. Azure NetApp Files makes that complexity explicit, priced, and predictable instead of implicit, fragmented, and risky.  Before declaring cloud storage “too expensive,” ask whether your comparison includes the costs you’ve already normalized.

TL;DR

Cloud storage often looks more expensive than buying hardware when you compare only capacity prices. But once you factor in power, cooling, facilities, labor, maintenance, and operational risk, cloud services like Azure NetApp Files offer a more predictable—and often more comparable—total cost of ownership.  Add in the volume purchasing power of hyperscalers and individual organizations have a hard time competing.

Why Organizations Move to the Cloud with NetApp

State, Local Government, and Education (SLED) organizations are under pressure to modernize services, strengthen resilience, and operate within tight budgets. Cloud adoption is accelerating—but not all storage is created equal. NetApp’s Azure‑native storage solutions (Azure NetApp Files and Cloud Volumes ONTAP) give agencies the performance, security, and operational simplicity they need to modernize without disruption.

Student Information Systems & Learning Platforms

Education workloads experience extreme seasonal spikes—registration, grading, testing, and LMS usage.
NetApp Advantage: Elastic performance, predictable low latency, and instant snapshots ensure uptime during peak periods without overprovisioning hardware.

Public Safety & Justice Systems (CJIS‑Aligned)

Courts, law enforcement, and public safety agencies require strict data protection and rapid recovery.
NetApp Advantage: Immutable snapshots, encryption, and replication support CJIS compliance while enabling fast, testable cloud‑based disaster recovery.

Cloud‑Based Disaster Recovery for On‑Prem Systems

Many SLED organizations cannot justify a secondary datacenter.
NetApp Advantage: SnapMirror replication to the cloud provides low‑cost, highly reliable DR with fast failover—no additional physical infrastructure required.

Virtual Desktops for Remote Workers & Field Staff

VDI demand fluctuates during emergencies, elections, weather events, and academic cycles.
NetApp Advantage: High‑performance storage ensures consistent user experience, while autoscaling eliminates the need to size on‑prem hardware for peak load.

Data Governance, Compliance & Long‑Term Archiving

Agencies must retain public records, student data, and body‑cam footage for years or decades.
NetApp Advantage: Automated tiering reduces cost, while classification tools improve visibility, compliance, and audit readiness.

Help!  SANs keep getting more expensive

SAN refresh cycles were already painful—now they’re becoming unpredictable and prohibitively expensive. With memory and storage prices spiking faster than most IT budgets can adapt, many organizations are being forced to rethink how and where their data lives.  If you manage on‑premises SAN infrastructure—or are facing an upcoming refresh—this shift in storage economics directly affects your roadmap.

Background

Hardware prices have risen sharply over the past year because memory and storage costs have spiked at unprecedented levels, driven by AI‑driven demand and severe DRAM/NAND shortages. Major OEMs—including Dell, Lenovo, HP, and HPE—are implementing 15%+ server price increases as memory makers shift production toward high‑bandwidth AI components, leaving commodity DRAM and SSDs in short supply.

This same pressure is hitting storage infrastructure: SAN hardware costs are rising as HDDs, SSDs, controllers, and networking components all inherit the same supply‑chain inflation, with vendors warning that cost increases are “more dramatic than any player can mitigate.”

Note: I specialize in NetApp Azure solutions so examples will be Azure solutions.

It’s time to leverage the Cloud!

Shifting storage to Azure means you’re no longer stuck buying big SAN refreshes or guessing how much capacity you’ll need years from now. Instead, you scale up or down on demand, pay only for what you use, and get built‑in security, backup, and high availability without adding more tools or hardware. With on-premises storage getting pricier and harder to maintain, Azure gives you a cleaner, more flexible foundation that grows with your organization.

There are several ways to leverage the cloud – from low effort to high effort.  Below are some key options to get you thinking.

Cloud Tiering

Cloud tiering is compelling when SAN hardware prices are rising and budgets are tight—it lets you extend the life of your existing investment while shifting growth to a more flexible, cost‑efficient platform

When cloud tiering makes the biggest impact

  • SANs nearing capacity or approaching a refresh cycle
  • Workloads with large amounts of cold or archival data
  • Organizations facing rising SSD/HDD and controller costs
  • Environments where data growth is unpredictable
  • Teams trying to stretch existing infrastructure

For many teams, this approach delays a SAN refresh by years while giving them immediate breathing room for growth.

Moving DR Storage into the Cloud

Moving DR data into the cloud helps you sidestep SAN refreshes because you’re no longer trying to squeeze years of backup copies, replicas, and retention policies onto hardware that was never designed to grow at cloud scale. Instead of buying a second SAN—or expanding the one you already have—your DR footprint shifts to a platform where capacity, durability, and geographic redundancy are already built in.  And you can by moving DR into the cloud, existing DR hardware can be used for production data.

Why cloud‑based DR takes pressure off your SAN

  • No more duplicate hardware — Traditional DR means buying a second SAN just to hold copies of data you hope you never need. Cloud DR replaces that with managed multi‑copy storage across zones or regions.
  • Capacity growth stops driving hardware purchases — As production data grows, DR copies grow too. Cloud storage absorbs that growth instantly, so you’re not adding shelves, controllers, or SSDs just to keep up.
  • Refresh cycles shift to the cloud provider — SAN refreshes are expensive and unavoidable on-premises. In the cloud, the provider handles hardware lifecycle behind the scenes, so your DR environment is always on modern infrastructure without you buying anything.
  • Built‑in durability and geographic protection — Cloud redundancy tiers (like zone‑redundant or geo‑redundant storage) give you protection that would require major infrastructure investment if you tried to build it yourself.

Store Backups in the Cloud

Most enterprise backup solutions have an option to store backups in the cloud.  If you’re not already leveraging this feature, it’s a great way to reduce your on-premises footprint.

Moving backups into a cloud tier takes a lot of pressure off your on-premises storage because you’re no longer forcing your SAN to hold years’ worth of data that rarely gets touched. Most restores come from the newest backups, so keeping only that “hot” layer on local hardware and letting the cloud absorb everything older gives you room to breathe, stretches the life of your existing arrays, and avoids the cycle of buying more shelves or controllers just to keep up with retention policies.

Why cloud‑tiered backups feel lighter to manage

  • You free up expensive SAN space — Older backups move to low‑cost cloud storage, so your SAN isn’t clogged with data you almost never restore.
  • You avoid big hardware purchases — Instead of expanding your array every time retention grows, the cloud simply scales with you.
  • You shift from capex to predictable opex — Cloud tiers turn “surprise” storage purchases into steady, usage‑based costs.
  • You get built‑in durability — Cloud storage automatically keeps multiple redundant copies, giving you off‑site protection without extra infrastructure.
  • You simplify lifecycle management — Policies can automatically move backups as they age, so you’re not manually juggling storage tiers.

Archival, cold, or low‑change datasets

Data that isn’t frequently accessed—archives, backups, compliance records, and historical logs—is often the simplest to migrate because it doesn’t require tight latency or real‑time synchronization. These datasets benefit immediately from cloud durability and low‑cost storage tiers, and they avoid the complexity of moving active, constantly changing workloads.

What to consider next

The biggest differentiator isn’t the data itself but how tightly it’s tied to on‑premises applications. Start with data not tightly coupled with on-premises applications.  Then consider moving applications with large datasets to get the biggest storage space savings for your effort.

Once organizations decide to shift some storage responsibility to the cloud, the next question becomes how to do it without disrupting existing workflows or retraining teams.

NetApp Azure Options

Cloud Volumes ONTAP

Cloud Volumes ONTAP on Azure is essentially a way to bring the ONTAP experience you already know into the cloud, so your data behaves the same whether it’s on-premises or in Azure. Instead of refactoring apps or juggling different storage tools, you get a familiar set of features—NFS, SMB, iSCSI, snapshots, replication, and efficiency—running as a software‑defined storage layer on Azure. It gives you the flexibility of cloud infrastructure with the comfort and control of ONTAP’s data services.

What it actually gives you in Azure

  • A consistent storage experience — Your apps can use the same protocols and workflows they use on-premises, which makes migrations and hybrid setups feel much smoother.
  • Built‑in efficiency — Thin provisioning, dedupe, compression, and automated tiering help keep cloud storage costs in check without you having to constantly tune things.
  • Strong data protection — Snapshots, replication, and ransomware‑resilience features come along for the ride, so you don’t lose the safety net you rely on in your datacenter.
  • Hybrid mobility — SnapMirror lets you move data back and forth between on-premises ONTAP and Azure, which is great for DR, cloud bursting, or testing workloads without committing to a full migration.
  • High availability for real workloads — Databases, business apps, DevOps pipelines, and Kubernetes clusters can all run on CVO with the performance and reliability they expect.

Azure NetApp Files

Azure NetApp Files is an Azure‑native, high‑performance file service that gives you the feel of on-premises enterprise storage without the hardware, making it easy to run demanding workloads in the cloud using the same NFS and SMB protocols you already rely on. It delivers all‑flash performance, sub‑millisecond latency, and multiple performance tiers you can switch between on the fly, so you can match cost and performance as your needs change. It’s designed for everything from home directories and shared file services to databases and HPC, and it supports both Linux and Windows workloads without refactoring.

What makes it easy to work with

  • It behaves like the storage you already know — You can lift‑and‑shift apps into Azure without changing how they access data, thanks to full NFS, SMB, and dual‑protocol support.
  • Performance is built in — ANF runs on bare‑metal flash inside Azure, giving you on-premises‑level speed for latency‑sensitive workloads.
  • You can scale without planning hardware — Volumes grow from tens of GiB to 100 TiB with no downtime, and you can adjust performance tiers instantly.
  • Data protection comes with the service — Snapshots, availability zones, and integrated security features help keep data safe without extra tools.
  • Price Protection with Reserved Capacity – Capacity can be reserved for 1 or 3yr terms to lock in prices and protect against potential increases. They are available in 100TiB and 1PiB increments.

Next Steps

As SAN hardware costs continue to rise, the question isn’t whether storage strategies need to change—it’s how quickly organizations can adapt without increasing risk or complexity.

If you’re worried about increasing SAN hardware prices, it’s time to start planning NOW.  Reach out to your NetApp Azure seller and/or your Microsoft Azure contact to review options and see what the best options for your organization are.

Azure EA Portal – Account Owner must be Unique

Just want to fill in a gap in our public documentation.  The Account Owner ID (displayed as email address) must be unique across the Azure environment (i.e. unique across the entire public cloud or the entire Azure Government cloud).

This is because subscriptions created by the Account Owner inherit settings like enrollment ID, AD tenant, etc. from the Account Owner.  If the Account Owner sits in two enrollments, the subscription won’t know which to inherit from.

Explained: Azure Enrollments, Tenants, and Subscriptions

When my customers get started with Azure, one of the first things that trips them up is the terminology.  This is a quick primer of the terms you’ll encounter as you begin your journey.

Azure Enrollment

The Azure enrollment is an Azure usage agreement often tied to an Microsoft Enterprise Agreement.  One enrollment = one bill.  Under the enrollment you create Azure accounts, subscriptions, and ultimately resources (VMs, storage, DBs).

https://docs.azure.cn/en-us/articles/azure-global-purchasing-guidance/go-global-playbook-purchase-process-of-enterprise-azure

Azure Tenant

A tenant is a instance of Azure Activity Directory (AAD).  A tenant is similar to a Windows AD domain.  Within the AAD you can have users, groups, etc.  Each instance of Azure, O365, Dynamics, etc. requires a tenant.  These tenants can be shared or you can use a unique instance for each one.

*each subscription can use a separate tenant*

https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant

Azure Subscription

An Azure subscription is the unit where all resources (VMs, DBs, etc.) reside.  The this is the highest level in an enrollment that can incur charges.  A subscription is equivalent to an AWS account.

image

see also https://docs.microsoft.com/en-us/office365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings

Azure Disk Encryption (ADE) vs Storage Service Encryption (SSE)

When talking about VM data encryption a lot of customers start looking at Azure Disk Encryption (ADE) and Storage Service Encryption (SSE).  These two offerings are similar, but unique.  Whether you stick with SSE (always enabled) or add ADE on top is up to you – really it depends on your security needs and design.

Below is my quick breakdown of the pros and cons to help you decide what is the best design for your organization.

SSE (default)

ADE

and thanks for Eric Marks for raising this question!

Free Azure Training Resources

When you’re getting started with Azure there is so much to learn and so little time!  Below is a quick summary of the resources I recommend to my customers as they start ramping.

Azure Hybrid Use Benefit – Staying Compliant

Update 08/30/2019 – see also https://docs.microsoft.com/en-us/windows-server/get-started/azure-hybrid-benefit#how-to-maintain-compliance

Hopefully by now you are familiar with the Azure Hybrid [Use] Benefit (https://azure.microsoft.com/en-us/pricing/hybrid-benefit/) which allows you to save ~45% off the list price for Windows VMs, SQL VMs, and Azure SQL in Azure.  For those organizations with an Enterprise Agreement that includes Software Assurance this is an easy way save in Azure.

Microsoft doesn’t talk as much about staying compliant – i.e. not using more licenses than your agreement provides.

As the customer, it is your responsibility to stay in legal compliance with your license agreement.  While we don’t have a single tool to facilitate this “true up” (after all, the licenses span Azure and your other environments), we do have a high-level process and clear ways to track AHUB usage.

1.  Check in Azure to see how many AHUB cores are deployed per https://docs.microsoft.com/en-us/windows-server/get-started/azure-hybrid-benefit#how-to-maintain-compliance

2.  Using your own tools, scan your other environments (on-premises and other clouds) to determine how many licenses are consumed outside Azure

3.  Review your agreement and see how many licenses you have paid for

Then simply do the math.

Licenses Paid – licenses used = Licenses remaining

If you used more licenses that you have paid for, you must purchase more licenses or turn off the Hybrid Use Benefit on servers that are in excess of your agreement (see https://www.youtube.com/watch?v=YPv5SpTbzWs&t=23s for instructions).

This is something that will be discussed at enterprise enrollment renewal – but ultimately it is YOUR RESPONSIBILITY to stay in compliance at all times.

Azure Design Considerations–Enrollments, Subscriptions, and Resource Groups

When I first meet with new Azure EA customers, one of their first topics is “how do I set this up?”  Azure is very flexible, but this means you have design decisions to make:

  • how many enrollments do I need?
  • should I use departments?
  • should I separate teams using subscriptions or resource groups?
  • where do I apply RBAC (define access)?

While there are wrong answers, there is no one right answer.  Each organization will need to evaluate their needs, organizational structure, and use case(s) to see what works best for them now.  And if things change in the future, this design should change too.

Let’s break down the different control points.

image

First off, consider if multiple enrollments are needed or if multiple subscriptions within a single enrollment will suffice.

Subscriptions Enrollments
Separate Invoice X
Able to view charges at this level X X
Can use unique AAD Tenant X X
Can view charges in EA Portal X X
Can share an ExpressRoute X X
Simple to Administer X

Then consider how to further separate resources leveraging subscriptions and resource groups:

Resource Groups Subscriptions
RBAC supported X X
Easy to view Billing X (in Azure portal only) X (in EA and Azure portal)
Resource can be shared across X (natively) Requires additional configuration and only some resources are supported
Azure Policy supported X X
Best for Sandbox X
Best for restricting access in a common environment (i.e. PROD) X
Simpler to Administer X Multiple subscriptions create administrative overhead
Can share a single ExpressRoute X X

Keep in mind subscriptions can be grouped and administered in a hierarchy using Azure Management Groups (https://docs.microsoft.com/en-us/azure/governance/management-groups/).  Management groups allow you to set Azure Policy and RBAC centrally for governance with low overhead support.

image

Finally, in the EA portal itself make sure you are thoughtful in how roles are assigned and controlled.:

image

That’s my two cents on how to get started, but keep in mind this is a journey.  I recommend lots of whiteboard sessions to play with the different options and then test them out again real-world use cases.  The best designs appropriately limit access but are easy to implement and maintain.

Choosing the right Azure Environment – Should I use the Public or the Government Cloud?

One of the first things I discuss with new government customers is where they want to deploy – Azure Commercial (aka the public cloud) or Azure Government.  Many organizations feel that they should “obviously” be in the government cloud because they are either part of the state, local, or federal government or work closely with those groups.

The fact is Azure Government exists to meet a specific set of guidelines that government agencies often (but not always) must follow (FEDRAMP, DISA IL4, ITAR, etc.).  Each organization needs to understand what attestations/certifications/regulations matter to them and chose the LEAST RESTRICTIVE cloud environment that meets those stipulations.

The truth is most “government” organizations in the United States use Azure [commercial] either exclusively or for at least some of their cloud space.

When making your decision:

  1. Take time to see which environments meet your needs.  Many people are surprised at how robust the Azure [commercial] compliance space is.  https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings
  2. Take our 1.5hr FREE online class that goes into greater detail on what Azure Government is and is not.  https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-government/
  3. Take a look at the list of services you need versus those available at https://azure.microsoft.com/en-us/global-infrastructure/services/
  4. Take a look at the table below for the quick and dirty overview of both environments.
Comparison Point Microsoft Azure Commercial (MAC) Microsoft Azure Government (MAG)
Operational staff Microsoft screening Screened US citizens
Physical security Biometrics, isolation, fencing, etc. Same as MAC
Scope of offering All Azure features Features limited by certification
Portal (ARM) https://portal.azure.com https://portal.azure.us
Pricing concerns Base pricing, minus EA/commitment discount (if any) Base pricing, plus MAG premium, minus EA/commitment discount (if any)
Availability Anyone, on demand Requires approval from Microsoft
Identity (Azure AD) Integrates Office 365 & 3rd party SaaS Isolated, no integration
Coverage World Wide CONUS Only (traffic will not leave US)