🔷 Introduction

Automotive engineering has unique challenges:

• Hardware-in-the-loop (HIL) benches in labs

• Large datasets from vehicle telemetry

• High-fidelity Digital Twin simulations

• Global distributed teams

• Strict IP protection and compliance rules

• Legacy on-prem systems that cannot migrate to cloud

Hybrid cloud architecture solves these challenges by allowing cloud + on-prem systems to work together as a single unified platform, enabling an SDV engineering ecosystem where:

• Cloud handles simulation scale, analytics, CI/CD

• On-prem handles HIL, ECU flashing, dyno tests

• Hybrid connectivity synchronizes data, APIs, workloads

This guide explains exactly how to design and implement a working hybrid cloud system for SDV, using Azure Arc, AKS, and secure connectivity models.

🔷 1. Why Hybrid Cloud Is Essential for SDV

🚗 Automotive relies on physical hardware

• HIL benches

• ECUs

• Vehicle test rigs

• Chassis dyno machines
  These cannot be moved to the cloud.

⚙️ Simulation & CI/CD need cloud scale

Cloud-native clusters provide:

• Unlimited CPU/GPU

• Auto-scaling

• Pipeline-heavy workloads

• Data analytics

🛡 OEM IP protection

Certain artefacts, calibration files, logs, or ECU binaries cannot leave on-prem labs.

🌎 Global team collaboration

Japan, India, Europe, US teams work on the same SDV platform.

This combination makes hybrid cloud the only viable architecture.

🔷 2. Reference Hybrid Cloud Architecture

A complete SDV hybrid architecture includes:

Connected via:

• ExpressRoute or VPN

• Private Endpoints

• Azure Arc agent

🔷 3. Key Components Explained

⭐ 1. Azure Arc

Allows Azure to manage on-prem servers, Kubernetes clusters, and even VMs as “cloud resources.”

Capabilities:

• Hybrid Kubernetes management

• Policy and governance enforcement

• GitOps deployment from Azure

• Monitoring & compliance

For SDV:

• Manage on-prem simulators

• Deploy configs automatically

• Apply GPU scheduling policies

⭐ 2. AKS (Azure Kubernetes Service)

Handles:

• Cloud-based simulations

• Telemetry pipelines

• Microservices

• CI/CD workloads

⭐ 3. API Management (API-M)

Centralizes all APIs, including:

• On-prem API endpoints (exposed via VPN/Hybrid)

• Cloud microservice APIs

• Partner/OEM APIs

It controls access, throttling, versioning, and security.

⭐ 4. ExpressRoute / VPN

Secure tunnels between on-prem lab and cloud.

Use cases:

• Send simulation data

• On-prem tools call cloud APIs

• Cloud triggers on-prem test cases

⭐ 5. Log & Data Analytics

• Kusto + App Insights for telemetry

• Unified logs across cloud + on-prem

• Centralized dashboards via Grafana

🔷 4. Step-by-Step Implementation Guide

⭐ STEP 1 — Identify Connectivity Requirements

Define:

• Which on-prem systems need cloud access

• Which cloud services need on-prem access

• Latency-sensitive components (HIL)

• Bandwidth-heavy systems (VDK logs)

• Access control matrix

Example diagram:

⭐ STEP 2 — Set Up Secure Hybrid Connectivity

Choose the right model:

Option A — ExpressRoute

✔ Best for enterprise
✔ Low latency
✔ High bandwidth
✔ Dedicated line

Option B — Site-to-Site VPN

✔ Cheaper
✔ Easy to set up
✔ Good for dev environments

Option C — Point-to-Site VPN

✔ Remote users
✔ Low overhead

Implement:

• Network peering

• Route tables

• Private DNS zones

• Firewall rules

⭐ STEP 3 — Enable Azure Arc on On-Prem Systems

Install Azure Arc agent on:

• Linux/Windows simulators

• Local Kubernetes clusters

• Bare-metal compute nodes

This makes them visible in Azure Portal.

Benefits:

• Apply Azure Policies

• Deploy Helm charts with GitOps

• Monitor workloads via Log Analytics

• Manage extensions/tools centrally

⭐ STEP 4 — Containerize On-Prem Tools

Many HIL tools are legacy.
Convert what you can into containers:

• ECU flashing utilities

• Test-runner scripts

• Data pipelines

• Validation orchestrators

These run on:

• Arc-enabled Kubernetes

• Local Docker hosts

⭐ STEP 5 — Create a Unified CI/CD Pipeline

A hybrid CI/CD pipeline looks like:

Implementation tips:

• Use GitLab runners on both cloud + on-prem

• Use Airflow to orchestrate complex flows

• Use Kusto for unified analytics

• Store artifacts in cloud, but allow on-prem access

⭐ STEP 6 — Implement Hybrid Observability

Include both ends:

Cloud:

• App Insights

• Azure Monitor

• Prometheus

• Grafana

On-Prem:

• Fluent Bit for log forwarding

• Filebeat

• Node Exporter

Send everything to:

• Azure Log Analytics

• Kusto

⭐ STEP 7 — Secure Hybrid Cloud

Apply:

• Azure AD Identity

• RBAC

• Conditional Access

• API keys rotations

• Private endpoints for APIs

• Role isolation for teams

For automotive IP:

• Disable public internet access

• Use private DNS

• Enforce encryption

⭐ STEP 8 — Sync Data Across Environments

Data transfer options:

1. Azure Data Factory

Scheduled sync jobs
Supports on-prem SQL, SFTP

2. IoT Hub

For real-time vehicle/simulator logs

3. Event Hubs

High-speed telemetry ingestion

4. Blob Storage

For large log dumps

5. Direct API Calls

From on-prem → cloud

⭐ STEP 9 — Build Cross-Environment Workflows

Examples:

Workflow 1: Cloud Triggering On-Prem HIL Bench

1. Cloud API triggers test

2. VPN route → on-prem

3. Local script executes on HIL bench

4. Logs pushed back to cloud

5. Cloud dashboards refresh

Workflow 2: On-Prem Simulators Pushing Telemetry

1. Sim finishes

2. Local log collector sends data

3. Kusto ingests

4. App Insights updates dependency charts

5. Alerts notify engineers

🔷 5. Hybrid Cloud Deployment Blueprint

Main CI/CD Flow:

Key Notes:

• HIL must stay on-prem

• Simulations scale in cloud

• Data analytics unify both

• Secure connectivity is crucial

🔷 6. Best Practices Checklist

🔐 Security

✔ Private links only
✔ No open public endpoints
✔ Secrets in KeyVault
✔ Strict RBAC

⚙️ Operations

✔ Auto-restart hybrid agents
✔ Monitor VPN health
✔ Centralized logging
✔ Scale cloud workloads only

🔄 Development

✔ Local runners mirror cloud runners
✔ GitOps for hybrid deployments
✔ Standardized repo structure

🔷 Conclusion

Hybrid cloud is no longer optional for automotive SDV engineering.
It provides:

• Scalable simulation

• Secure on-prem integration

• Unified CI/CD

• End-to-end observability

• Faster development cycles

• Global collaboration

A well-executed hybrid cloud is the foundation for next-generation automotive development.