Is there an easy way to deploy apps and policies to our virtual machines and containers running in multiple cloud environments? Or on-premises?
These are the key questions Microsoft has aimed to answer in the past few months with Azure Arc, a new service currently in preview mode that provides a central control plane that lets businesses deliver apps and policies to VMs, containers and Kubernetes running on either physical servers or in other public clouds outside of Azure.
While it is still early days, the capabilities and benefits of Azure Arc are promising. We break down what the service offers in the way of better multicloud and hybrid cloud management and governance, the top 7 benefits of Azure Arc and why your business should start paying attention to its promising value offering right now.
What exactly is Azure Arc for?
Azure Arc is a new set of Microsoft hybrid cloud technologies, managed from Azure Portal, that seamlessly extend the control plane/resource management and security capabilities of Azure Cloud to any infrastructure deployed across on-premises, edge and multicloud environments.
Many businesses today run a mixture of mission-critical applications in on-premises data centers and in the cloud. Resource sprawl can become an issue in this scenario, especially for organisations that are moving towards a more cloud-native future but still need to have certain apps hosted on-site. Azure Arc acts as a new cloud-native management solution to organise and control all IT resources in one place, regardless of whether they’re in Azure or in another location.
You can manage all your company’s disparate cloud resources deployed within Microsoft Azure and externally (in another public cloud like AWS or on-premises), including virtual machines (VMs), Windows and Linux database servers and Kubernetes clusters, in one central cloud solution.
In short, Azure Arc helps organisations take another big step forward to foster more modern application infrastructures while maintaining a hybrid and/or multicloud environment.
How Azure Arc helps manage multicloud and hybrid resources
The main cloud control capabilities of Microsoft Azure come under what’s known as the Azure Fabric Controller (FC).
The Fabric Controller is used to manage your servers and coordinate resources for key applications, while providing advanced monitoring over them. As the platform’s control plane, it receives the state of every virtual machine in Azure, which reports to the FC whether it’s provisioned, paused, scaled or removed. The FC is continuously improved and updated to empower companies to better manage and monitor the life-cycle of their various resources.
Alongside FC is Azure Resource Manager (ARM), a tool that manages creation, updating and deletion of resources in an Azure subscription. ARM helps organise resources after they are deployed in the cloud with access control, tags and more. This is where services like VMs, Azure Kubernetes Service (AKS) and SQL Database are all configured.
What Azure Arc does is essentially extend the capabilities of these two very useful management layers - alongside the various other individually connected hybrid Azure services like Azure Monitor and Azure Automation - to your organisation’s other cloud-based resources hosted outside of Microsoft Azure.
- For instance, if you have virtual machines running in another public cloud, such as Amazon EC2 or Google Compute Engine, you can register them with ARM via Azure Arc. This works similarly for physical servers running in an on-premises data center, or behind a firewall or proxy. All of these resources will register as a compute resource as normal via Azure Fabric Controller, and all VMs deployed outside of Azure run a software agent called Connected Machines, similar to VM Agent for Azure.
- Kubernetes is set to be a big game-changer in 2020, and Azure Arc will register clusters deployed in other clouds with the same management capabilities as AKS. This opens up a number of options, like running a managed Kubernetes service on another cloud platform (Amazon EKS or Google Kubernetes Engine, for example) while still being able to register and manage it alongside all your other resources within Azure Arc.
- Azure Arc can run managed database services in both hybrid and multicloud environments while retaining automated updates and audits. At the time of writing, Azure SQL Database and PostgreSQL Hyperscale are supported to run outside of Azure.
- Azure Arc can extend ARM templates within one single control plane to apply the same policy to both the on-premises and cloud-based instances of mission-critical applications to ensure both have the same settings. You can also monitor for compliance, and quickly remediate changed settings through the same portal.
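As an added illustration of the last point (not taken from Microsoft's documentation or from the original article), a single custom Azure Policy definition can cover native Azure VMs and Arc-registered machines in one rule. It assumes Arc-enabled servers appear under the resource type `Microsoft.HybridCompute/machines`; the display name and the sample tag name `owner` are constructed for the example.

```json
{
  "properties": {
    "displayName": "Example: require a tag on Azure VMs and Arc-enabled servers",
    "description": "Added example, not a built-in policy. Flags machines missing the tag, whether hosted in Azure or registered through Azure Arc.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "tagName": {
        "type": "String",
        "defaultValue": "owner",
        "metadata": { "description": "Constructed sample tag name." }
      },
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "in": [
              "Microsoft.Compute/virtualMachines",
              "Microsoft.HybridCompute/machines"
            ]
          },
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "false"
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

Assigned at a subscription or management group scope, the one definition reports untagged machines of both types in the same compliance view; switching the `effect` parameter to `Deny` blocks new non-compliant registrations instead of only auditing them.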
In short, Azure Arc is a useful solution that lets businesses with legacy on-premises infrastructure make the transition to the hybrid cloud - or those just on Azure make the leap to the multicloud - far more easily than before, with less complexity, risk and cost. No matter how old your Linux VM running on a physical server is, it will show up in Azure FC in the same region and resource groups alongside your modern cloud-based applications and databases.
7 top benefits of Azure Arc: Why your business should care
Azure Arc is still evolving, but the value it offers for multicloud management is immense.
1. Businesses can manage their public cloud resources running within and outside of Microsoft Azure through the same centralised, cloud-native management interface.
2. Businesses can leverage compliance and security capabilities of Azure Security Center for all cloud resources - within Azure and external - that are registered with Azure Arc. Patching, policies, tags and more can be automatically rolled out to all your VMs.
3. Businesses can leverage advanced monitoring and insights of Azure Monitor for all cloud-based resources registered with Azure Arc, whether they’re in Azure or not.
4. Businesses can use ARM templates and all of their benefits - role-based access control (RBAC), policies and tagging - for VMs outside of Azure, as well as universal governance of resources through Azure Policy.
5. Businesses can run cloud-native, modernised applications packaged and deployed in containers as microservices running in VMs or Kubernetes clusters registered in Azure Arc. Manage Kubernetes apps across environments using DevOps techniques.
6. Businesses can build containerised apps using whatever tools they prefer with Azure Arc, and deploy, configure and manage them with GitOps.
7. Businesses can run Azure data services across environments, leveraging elastic scale based on capacity with the ability to deploy and adjust in seconds, and consolidate billing for on-premises workloads to further optimise their ongoing costs.
The above benefits are high-level summaries of why Azure Arc is ideal for DevOps teams. Instead of working across several different cloud control planes, they can run and deploy applications, services and systems wherever they need to and manage them from one unified interface. DevOps teams can also better consolidate and integrate critical legacy on-premises apps with modern cloud-native apps using the containers and microservices capabilities of Arc.
Will Azure Arc work for me?
One key consideration with Azure Arc is that, even though it is a Microsoft solution that aids enterprise hybrid and multicloud initiatives, it directs users to rely solely on Azure Cloud tools to manage all their resource deployments (on-premises, in other clouds, in Azure) and control their policies and security from one platform.
If you’re concerned about vendor lock-in, or if Microsoft Azure isn’t intended as your primary public cloud provider, this is definitely a point to consider, but Azure Arc’s strength in bringing cloud-native controls to on-prem resources cannot be overlooked.