Chapter 1. Azure Arc Consistency Across Multiclouds

In this chapter, you’ll embark on a journey into the world of multicloud and also gain an overview of what the entire Azure Arc service has to offer.

What Is Azure Arc?

In today’s world of tech, many organizations large and small have embraced cloud. Organizations often opt for a hybrid and multicloud strategy, and they often have some workloads running on-premises while other workloads run across multiple cloud providers.

Organizations adopt a hybrid and multicloud strategy for a number of reasons: it helps them realize the benefits of their on-premises investments, avoid vendor lock-in, and minimize downtime risk from a single cloud provider, and it gives them the ability to leverage the innovation of technologies from any cloud provider they choose.

With this choice comes new deployment and management challenges. One of the first challenges is handling differences between each cloud provider and the differences in the native tooling used for governance and management of each. This can be expensive to run and hard to keep up with.

Another challenge is skill sets—getting your IT teams skilled up on a single cloud is challenging enough, but mastering two or three different cloud platforms is even more difficult. Being able to train on a single toolset or cloud lowers the barrier to your teams managing multicloud. Solutions are available for solving this challenge, and Azure Arc is one such solution.

Azure Arc is a software-based cloud solution that responds directly to the on-premises and multicloud management need. Microsoft announced Azure Arc during their 2019 annual Ignite conference, which created excitement and buzz because it was a game-changer in the world of cloud.

Azure Arc extends the Microsoft hybrid cloud offerings by expanding them into multicloud. Azure Arc sets out to simplify complex and distributed environments by bringing the Azure control plane and its management tools to on-premises, edge, and multicloud. Azure Arc gives IT teams the ability to deploy workloads and manage resources, regardless of where they exist.

Azure Arc extends the Azure Resource Manager (ARM) platform and Azure native management services to resources whether they exist in Azure or not. This means resources can be managed in any environment from Azure, regardless of whether they are:

  • On-premises

  • Non-Azure clouds (e.g., AWS, GCP, etc.)

  • Microsoft Hybrid (e.g., Azure Stack Hub, Azure Stack HCI, Azure Stack Edge)

Figure 1-1 shows how the Azure control plane, Azure Resource Manager, and Azure Arc relate to external sources under Azure Arc management.

You can also use Azure Arc to deploy workloads to any environment. For example, you can deploy containerized workloads to a Kubernetes cluster running in Azure or outside of Azure, or you can deploy a SQL or PostgreSQL database to a non-Azure-based environment. With Azure Arc, you’re essentially projecting resources from your other environments into ARM. Once a resource is projected into Azure Arc, you can then start using Azure native tooling to govern, manage, and deploy to it.

Figure 1-1. Diagram of Azure to external resources via Azure Arc

At the time of this writing, Azure Arc is able to manage the following resource types that are hosted outside of Azure:

Servers

Supports Linux and Windows, bare-metal servers, on-premises servers, AWS EC2 virtual machines, GCP Compute Engine virtual machines, VMware virtual machines, and Hyper-V virtual machines.

Kubernetes

Supports on-premises Kubernetes clusters, Rancher K3s, AWS EKS clusters, and GCP GKE clusters.

Data services

Supports SQL Database and PostgreSQL.

Some of the Azure services that can be extended include:

  • Role-based access control (RBAC)

  • Subscriptions

  • Management groups

  • Resource groups

  • Tagging

  • Security Center

  • Azure Defender

  • Azure Sentinel

  • Azure Policy

  • Azure Policy Guest Configuration

  • Update management

  • Change tracking

  • Inventory

  • Azure Automation

  • Azure Monitor

  • GitOps

In addition to those Azure Services, by bringing non-Azure resources under Azure Arc management, you also enable the following Azure functionality, services, and tools:

  • Viewing and access in the Azure Portal

  • Azure SDK

  • ARM Templates

  • Azure CLI

  • Azure PowerShell module

  • Azure Terraform Provider

Let’s take a moment to unpack the Azure Arc pricing as it stands at the time of this writing. Azure Arc enabled Kubernetes and Azure Arc enabled data services are currently in preview and available at no additional cost.

Azure Arc enabled servers is currently free for management of Azure Arc projected servers. Azure VM uses many of the native Azure Management services, such as inventory, change tracking, update management, Azure Policy, and the Azure Arc control plane functionality. Note that there is a charge for each additional Azure Management service, such as Azure Monitor, Azure Policy Guest Configuration, Security Center, Azure Defender, Azure Sentinel, and Azure Automation. You can check the Azure Arc pricing page for the latest pricing updates.

Azure Arc control plane functionality is offered for free. The services that are considered part of the Azure Arc control plane are as follows:

  • Resource organization through Azure management groups and tagging

  • Searching and indexing through Resource Graph

  • Access and security through Azure RBAC and Azure subscriptions

  • Environments and automation through ARM templates and Azure extensions

Some companies that are already using Azure Arc include Siemens, KPMG, Avanade, and Ferguson.

Azure Arc Enables the “Single Pane of Glass” Promise

A long-term holy grail of information technology professionals has been a “single pane of glass”: a single dashboard or a centralized place that can be utilized for management of resources and workloads. Many products have promised this single pane of glass but have not been able to deliver.

It’s clear that the market is demanding multicloud; according to Flexera’s 2020 State Of The Cloud Report, 93% of enterprises have a multicloud strategy. Multicloud drives up the need for a single pane of glass even further because multicloud architectures are more complex and challenging to manage. It’s essential to have tooling that enables strong governance and security of resources and workloads between multiple clouds. Microsoft has answered the call, and compared to competitors’ offerings and its counterparts in the market, Azure Arc stands out for its distinctive design and approach, as it allows you to leave your workloads where you want and extend Azure tooling to those workloads.

There are, of course, other technologies available. For example, Google offers Anthos, a managed application platform extending GCP services to any environment. With Anthos, the approach is to move workloads to containers running on Google Kubernetes Engine (GKE). In contrast, the approach of Azure Arc is to provide flexibility and allow users to choose to leave resources on-premises, in other clouds, or to run them in Azure. Unlike Anthos, Azure Arc allows customers to run on virtual machines or containers; Arc extends the control plane to both and serves as the overarching management layer for these resources. Arc can be used to assist with the lifecycle of resources spanning virtual machines, database instances, and Kubernetes clusters, whereas its counterparts focus solely on containers.

With Arc, customers can deploy applications to either virtual machines or Kubernetes clusters that are projected into Azure Arc regardless of where they live, giving information technology professionals that holy grail of a true single pane of glass for management within Azure.

This brings us to the end of our overview of Azure Arc. We won’t dive any deeper into Azure Arc enabled Servers or Data Services in this report, as the focus is on Azure Arc enabled Kubernetes. The following chapters will be a further exploration of Azure Arc enabled Kubernetes.
