> _ VG.dev
~/home~/projects~/blog~/about
~/blog
azure-vs-selfhosted-erp.md

title: "Azure vs Self-Hosted: Where I Deploy Enterprise ERP in 2026"

date: 2026-04-21

readingTime: 7 min read

tags: ["Azure", "Cloud", "Infrastructure"]

Azure vs Self-Hosted: Where I Deploy Enterprise ERP in 2026

April 21, 20267 min read
AzureCloudInfrastructure

Azure vs Self-Hosted: Where I Deploy Enterprise ERP in 2026

After running enterprise ERP systems both on Azure and self-hosted infrastructure for clients across the Middle East, I've learned that the "cloud is always better" narrative doesn't hold up for every scenario.

This post breaks down the real costs, tradeoffs, and decision framework I use when choosing deployment infrastructure.

The Context

Our ERP systems serve:

  • Multiple companies across Bahrain, UAE, Saudi Arabia
  • 24/7 operations with strict SLAs
  • Sensitive financial and payroll data
  • Compliance requirements (VAT, labor laws, data residency)

The deployment decision isn't theoretical—it directly impacts cost, compliance, and operational burden.

Cost Comparison (Real Numbers)

Scenario: Mid-Size ERP Deployment

Requirements:

  • 4 application servers (8 vCPU, 32GB RAM each)
  • 2 database servers (16 vCPU, 64GB RAM, 1TB SSD)
  • Load balancer
  • Backup storage (2TB)
  • 99.9% uptime SLA

Azure Deployment (Monthly)

| Resource | SKU | Monthly Cost | |----------|-----|--------------| | App Servers | D8s v5 (4x) | $1,460 | | DB Servers | E16s v5 (2x) | $1,850 | | Load Balancer | Standard | $25 | | Storage | 2TB Premium SSD | $350 | | Backup | 2TB + operations | $180 | | Network Egress | ~500GB/month | $45 | | Monitoring | Azure Monitor | $100 | | Total | | ~$4,010/month |

Annual: ~$48,000

Self-Hosted Deployment (Monthly)

| Resource | Cost | Monthly | |----------|------|---------| | Hardware (amortized 3 years) | $35,000 capex | $970 | | Colocation (rack space, power) | $800/month | $800 | | Network (1Gbps dedicated) | $500/month | $500 | | Backup (on-prem NAS) | $5,000 capex | $140 | | Maintenance contract | $300/month | $300 | | Total | | ~$2,710/month |

Annual: ~$32,500

Cost difference: Self-hosted is ~33% cheaper for this workload.

But wait—this doesn't include operational overhead. Let's factor that in.

Operational Overhead

Azure (Managed Services)

Pros:

  • No hardware maintenance
  • Auto-scaling built-in
  • Global redundancy options
  • Managed backups
  • Security patches automated

Cons:

  • Vendor lock-in
  • Cost unpredictability (egress charges, etc.)
  • Less control over infrastructure

Time investment: ~5 hours/week for monitoring and optimization

Self-Hosted

Pros:

  • Full control
  • Predictable costs
  • No egress charges
  • Data residency guaranteed
  • No vendor lock-in

Cons:

  • Hardware failures are your problem
  • Manual scaling
  • Disaster recovery is your responsibility
  • Security patches are your responsibility

Time investment: ~15 hours/week for maintenance, monitoring, backups, patches

Fully Loaded Cost

Add operational time at $75/hour (sysadmin salary + benefits):

Azure: $4,010 + (5 hrs × $75 × 4 weeks) = $5,510/month

Self-Hosted: $2,710 + (15 hrs × $75 × 4 weeks) = $7,210/month

Reversed: Azure is actually 23% cheaper when you include operational overhead.

Compliance and Data Residency

Middle East Requirements

Bahrain:

  • Financial data must remain in-country
  • Personal data protection law (PDPL) applies

UAE:

  • Dubai International Financial Centre (DIFC) has own data laws
  • Some sectors require on-premises storage

Saudi Arabia:

  • SAMA (Saudi Central Bank) regulations for financial data
  • Cloud adoption framework exists but restrictions apply

Azure Regions

| Country | Azure Region | Compliance Certifications | |---------|--------------|---------------------------| | Bahrain | ❌ None | N/A | | UAE | ✅ UAE North (Dubai) | ISO 27001, SOC 1/2/3 | | Saudi Arabia | ✅ Saudi Arabia Central (Riyadh) | ISO 27001, SOC 1/2/3 |

Problem: No Azure region in Bahrain.

Solution options:

  1. Deploy to UAE (legally acceptable for some clients)
  2. Self-host in Bahrain (required for some clients)
  3. Hybrid (sensitive data on-prem, rest on Azure)

Our Approach

┌─────────────────────────────────────────────────┐
│              Bahrain (On-Premises)              │
│  ┌─────────────────────────────────────────┐   │
│  │  Sensitive Data: Payroll, HR, Finance   │   │
│  │  - Full control                          │   │
│  │  - Data residency guaranteed             │   │
│  └─────────────────────────────────────────┘   │
└─────────────────────────────────────────────────┘
                      │
                      │ Sync (encrypted)
                      ↓
┌─────────────────────────────────────────────────┐
│              Azure UAE North (Dubai)            │
│  ┌─────────────────────────────────────────┐   │
│  │  Non-Sensitive: Reporting, Analytics    │   │
│  │  - Auto-scaling                          │   │
│  │  - Global access                         │   │
│  └─────────────────────────────────────────┘   │
└─────────────────────────────────────────────────┘

Performance Comparison

Latency (Average Response Times)

| Scenario | Azure (UAE) | Self-Hosted (Bahrain) | |----------|-------------|----------------------| | Local users (Bahrain) | 45ms | 8ms | | Regional users (GCC) | 35ms | 25ms | | Global users (Europe) | 85ms | 150ms | | Global users (Asia) | 120ms | 180ms |

Insight: Self-hosted wins for local users. Azure wins for global access.

Scalability

Azure:

  • Scale up: Minutes (change VM size)
  • Scale out: Minutes (add instances)
  • Auto-scale: Built-in

Self-Hosted:

  • Scale up: Weeks (order hardware)
  • Scale out: Weeks (procure and configure)
  • Auto-scale: Manual implementation required

Disaster Recovery

Azure DR Options

# Azure Site Recovery configuration
Primary: Azure UAE North
Secondary: Azure Saudi Arabia Central

RPO (Recovery Point Objective): 5 minutes
RTO (Recovery Time Objective): 15 minutes

Cost: ~$800/month for replication

Self-Hosted DR

# Our on-prem DR setup
Primary: Bahrain datacenter
Secondary: UAE colocation facility

RPO: 1 hour (backup frequency)
RTO: 4 hours (manual failover)

Cost: ~$1,200/month (secondary site + replication)

Azure advantage: Faster recovery, lower cost for DR

Security

Azure Security Features

  • Azure Active Directory integration
  • Network Security Groups (NSGs)
  • Azure Firewall
  • DDoS protection (built-in)
  • Security Center (threat detection)
  • Key Vault (secret management)
  • Automated patching

Estimated value: ~$500/month if implemented separately

Self-Hosted Security

  • Firewall (pfSense): Free
  • IDS/IPS (Suricata): Free
  • SIEM (ELK Stack): $200/month (hosting)
  • Backup encryption: Built-in
  • Physical security: Included in colocation

Total: ~$200/month + significant configuration time

Winner: Azure for out-of-the-box security. Self-hosted for full control.

Decision Framework

When to Choose Azure

✅ Choose Azure when:

  • Global user base
  • Need rapid scaling
  • Limited ops team
  • DR requirements are strict
  • Security compliance is complex
  • Capex is constrained

❌ Avoid Azure when:

  • Data residency requires on-prem
  • Predictable, steady workload
  • Strong in-house ops team
  • Cost is primary concern
  • Existing datacenter investment

When to Choose Self-Hosted

✅ Choose Self-Hosted when:

  • Data residency mandates it
  • Stable, predictable workload
  • Existing infrastructure
  • Cost-sensitive long-term
  • Need full control

❌ Avoid Self-Hosted when:

  • Rapid growth expected
  • Limited ops expertise
  • Global user base
  • Strict DR requirements
  • Capex is constrained

Hybrid Approach (Our Choice)

For most enterprise clients, we recommend hybrid:

Sensitive Workloads → On-Premises
├── Payroll processing
├── Core financial transactions
├── HR data
└── Compliance-mandated data

Non-Sensitive Workloads → Azure
├── Reporting and analytics
├── Public-facing portals
├── Development/test environments
└── Disaster recovery

Migration Strategy

Phase 1: Assessment (2-4 weeks)

- Inventory all applications and data
- Classify by sensitivity and compliance requirements
- Map dependencies
- Estimate costs for both options

Phase 2: Pilot (4-8 weeks)

- Migrate non-critical workload to Azure
- Test performance, connectivity, DR
- Validate cost projections
- Train team on Azure operations

Phase 3: Phased Migration (3-6 months)

- Migrate workload by workload
- Maintain parallel environments during transition
- Validate each migration before proceeding
- Decommission on-prem resources gradually

Real-World Example: Our Payroll System

Before (Self-Hosted Only)

- 4 physical servers in Bahrain datacenter
- Manual backups
- 4-hour RTO
- $3,200/month fully loaded
- 20 hours/week ops time

After (Hybrid)

- Payroll processing: On-prem (data residency)
- Reporting portal: Azure UAE North
- DR: Azure Saudi Arabia Central
- $4,100/month fully loaded
- 8 hours/week ops time
- 15-minute RTO for reporting

Trade-off: Slightly higher cost for dramatically better DR and reduced ops burden.

Key Takeaways

  1. Total cost includes operations, not just infrastructure
  2. Data residency often dictates the decision in Middle East
  3. Hybrid approaches work well for enterprise scenarios
  4. Azure wins on DR and security out-of-the-box
  5. Self-hosted wins on predictable costs and control
  6. Start with assessment—don't assume cloud is always better

Deploying enterprise systems in the Middle East? Happy to share more specific insights. Find me on LinkedIn.

PreviousNext