Microsoft’s new management tool brings Azure management to every hybrid cloud.
How do you get the benefits of the cloud in your own data center? Microsoft has been thinking about this question for a while and has come up with a series of different answers. On one side of the scale is the ‘Azure-consistent’ hardware portfolio, which starts with the rack-based Azure Stack Hub and extends down to the IoT and edge-compute-oriented Azure Stack Edge appliances. All of them, though, require you to invest in new, specialized hardware. What do you do if you want to use the infrastructure you already have?
That’s where the recent announcement of Azure Arc comes in: an application-level control plane for your modern cloud applications. Arc is managed from the Azure Portal and uses familiar Azure concepts and tools to deliver applications and management policies to virtual machines and Kubernetes clusters running on your own servers or on other public clouds.
What Azure Arc is and what it is not
It’s a little hard to understand what Azure Arc is: the first blog posts and the waiting-list page on the Microsoft website are much more marketing material than technical information. However, we were able to talk to part of the team at Microsoft’s recent Ignite event and now have a good idea of what it is and, perhaps more importantly, what it is not.
Azure Arc is not another way to deliver a cloud-like operating environment to your data center. It does not install Kubernetes and it does not manage your virtual infrastructure for you. Above all, you should not expect Microsoft to use Azure Arc to deliver an Azure Stack Hub without the hardware.
Instead, it is part of a change in Microsoft’s thinking about distributed application management. Best represented by its Open Application Model, it treats distributed computing as three layers: a combination of physical and virtual infrastructure, a set of application services, and the application itself. In this model you manage each layer separately. The infrastructure layer hosts the application services, including container orchestration services such as Kubernetes. Applications are deployed onto that layer, either as individual virtual machines or as sets of containers together with cluster definitions.
Azure Arc extends Azure management capabilities to Linux and Windows servers, as well as Kubernetes clusters, on infrastructure across on-premises, multi-cloud and edge environments.
Image: Microsoft
Azure Arc handles management of the middle layer, using familiar Azure tools to deliver and manage applications running on existing private cloud installations. If you use a tool such as VMware’s vSphere to run a virtual infrastructure, Azure Arc connects to those VMs and links them to Azure’s management tools. Once connected, you can manage them from the Azure Portal and target them for application deployments.
You are not limited to working with virtual machines: you can also use Azure Arc to manage Kubernetes, deploying containers with your own code alongside containerized versions of Azure SQL Database and Azure Database for PostgreSQL Hyperscale. If you also use AKS, your code can draw on additional Azure-hosted resources if you wish, spinning up new nodes that host the same containers.
Introducing connected machines
The core of Azure Arc is a management agent that runs on what Arc calls Connected Machines. These are managed servers, each with its own Azure Resource ID and managed as part of an Azure Resource Group. Once a server is connected, you can see it in your Azure Portal and apply management policies to it from an Azure Resource Manager template. Connected machines must run a recent release of Windows Server or Ubuntu and need a direct connection to the Azure Arc service endpoints. Those endpoints use TLS (HTTPS), so if the machines sit behind a proxy, make sure it passes HTTPS traffic through.
Those connected machines are still managed with your existing enterprise infrastructure tools, so you can continue to use VMware or System Center tools and skills to run your virtual infrastructure. What Azure Arc adds is the use of Azure Resource Manager policies to ensure that the VM infrastructure is run securely, to apply role-based access controls, and to manage server identities.
Managed VMs do not need to run on your own infrastructure: if you use AWS or GCP, you can still add their VMs to your Azure Portal. All you have to do is bundle the Azure Arc agent into your VM images and connect them as soon as they start.
A control plane for modern application infrastructures
Keeping the infrastructure and application control planes separate is a logical way to manage hybrid cloud platforms. By using ARM templates to declaratively apply the same policy to on-premises and cloud instances of the same applications, you can be sure that they have the same settings. The Arc agent not only applies policies but also checks for compliance and can remediate changed settings where necessary. Everything is visible through the Azure Portal, so you can quickly see which servers are non-compliant.
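To make the policy-and-compliance loop concrete, here is an added example (not code from the article or from Microsoft) that defines an audit policy scoped to Arc connected machines, assigns it to the resource group that holds them, and lists the non-compliant resources. It assumes the Az.Resources and Az.PolicyInsights modules are installed, that you are already signed in with Connect-AzAccount, and that `rg-arc-servers`, `arc-require-owner-tag` and the `owner` tag are placeholder names of our own choosing. The `Microsoft.HybridCompute/machines` resource type is the one Arc connected machines are registered under.

```powershell
# Added example (not from the article): audit Arc connected machines that lack an
# 'owner' tag, using Azure Policy against the Microsoft.HybridCompute/machines type.
# Assumed: Az.Resources and Az.PolicyInsights are installed and you are signed in.
# 'rg-arc-servers', 'arc-require-owner-tag' and the 'owner' tag are placeholders.

$ResourceGroup  = 'rg-arc-servers'          # assumed resource group of the Arc machines
$AssignmentName = 'arc-require-owner-tag'   # assumed assignment name
$rg = Get-AzResourceGroup -Name $ResourceGroup

# Policy rule: match only Arc connected machines and flag any without the tag.
# 'audit' reports non-compliance without blocking anything; switch to 'deny'
# or a deployIfNotExists/modify effect once you trust the rule.
$policyRule = @'
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.HybridCompute/machines" },
      { "field": "tags['owner']", "exists": "false" }
    ]
  },
  "then": { "effect": "audit" }
}
'@

# Indexed mode restricts evaluation to resource types that support tags and location.
$definition = New-AzPolicyDefinition `
    -Name 'arc-machine-owner-tag' `
    -DisplayName 'Arc connected machines must carry an owner tag' `
    -Mode 'Indexed' `
    -Policy $policyRule

# Scope the assignment to the resource group, so only those Arc machines are evaluated.
New-AzPolicyAssignment `
    -Name $AssignmentName `
    -DisplayName 'Require owner tag on Arc machines' `
    -Scope $rg.ResourceId `
    -PolicyDefinition $definition | Out-Null

# Trigger an evaluation now rather than waiting for the periodic scan, then list
# the connected machines the assignment reports as non-compliant.
Start-AzPolicyComplianceScan -ResourceGroupName $ResourceGroup

Get-AzPolicyState -ResourceGroupName $ResourceGroup `
    -Filter "ComplianceState eq 'NonCompliant' and PolicyAssignmentName eq '$AssignmentName'" |
    Select-Object ResourceId, ComplianceState, Timestamp
```

The compliance query is the part to keep around: the same `Get-AzPolicyState` call works for Arc machines on vSphere, in AWS or in Azure itself, because from Azure Resource Manager’s point of view they are all the same resource type in the same resource group.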
Administrators get a command-line tool that configures and debugs the connection to Azure. You use it alongside PowerShell to connect servers and to collect and view status information. Much of Azure Arc’s management is handled through PowerShell rather than Group Policy, with PowerShell’s configuration management tooling (Desired State Configuration) applying policies and ensuring that managed servers and VMs do not drift out of compliance.
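The onboarding flow described above, as an added example that is not code from the article or from Microsoft: it connects a Windows Server VM to Azure Arc with the agent’s `azcmagent` command-line tool, then checks the result both locally and from Azure PowerShell. It assumes the Azure Connected Machine agent is already installed at its default path, that the Az.ConnectedMachine module is installed, that the outbound proxy (if any) passes HTTPS through as the article notes, and that the subscription, tenant, resource group, region, proxy address and tag values are placeholders to be replaced.

```powershell
# Added example (not from the article): onboard a Windows Server VM as an Azure Arc
# Connected Machine with azcmagent, then verify it locally and from Azure PowerShell.
# Assumed: the Connected Machine agent is installed at its default path, the
# Az.ConnectedMachine module is installed, and every value below is a placeholder.

$SubscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder
$TenantId       = '00000000-0000-0000-0000-000000000000'   # placeholder
$ResourceGroup  = 'rg-arc-servers'                          # assumed name
$Location       = 'westus2'                                 # assumed region

# The agent talks TLS (HTTPS) to the Arc service endpoints. If outbound traffic goes
# through a proxy, that proxy must pass HTTPS through; the agent honours the
# standard HTTPS_PROXY variable. Remove this line if no proxy is in the path.
$env:HTTPS_PROXY = 'http://proxy.corp.example:3128'         # assumed proxy address

$azcmagent = Join-Path $env:ProgramFiles 'AzureConnectedMachineAgent\azcmagent.exe'

# Connect the machine. This uses interactive device-code sign-in; for unattended
# onboarding of VMs that start in AWS or GCP, pass a service principal instead with
# --service-principal-id and --service-principal-secret (keep the secret out of the
# image and inject it at boot from the platform's secret store).
& $azcmagent connect `
    --resource-group $ResourceGroup `
    --tenant-id $TenantId `
    --location $Location `
    --subscription-id $SubscriptionId `
    --cloud 'AzureCloud' `
    --tags 'owner=platform,env=onprem'
if ($LASTEXITCODE -ne 0) {
    throw "azcmagent connect failed with exit code $LASTEXITCODE"
}

# Local view: agent status, including the Azure Resource ID the machine was given.
& $azcmagent show

# Azure view: the same machine now appears as a resource in the resource group.
Connect-AzAccount -Tenant $TenantId -Subscription $SubscriptionId | Out-Null
Get-AzConnectedMachine -ResourceGroupName $ResourceGroup |
    Select-Object Name, Status, Location, OSName, AgentVersion
```

The service-principal route is the one that matters for the AWS and GCP case in the previous paragraph: an image that connects on first boot cannot sit at a device-code prompt, so it needs an identity with rights to create `Microsoft.HybridCompute/machines` resources in that resource group and nothing broader.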
Not just VMs, but also Kubernetes
Although the public preview does not yet support Kubernetes, Microsoft says that Azure Arc’s Kubernetes support is based on the same agent model, deployed through Helm. Once a cluster is under management, you can deploy data services with Azure SQL and Azure PostgreSQL, billed through the pay-as-you-go model used in the rest of Azure. That way you can run a managed database service with the same benefits as in Azure, but on your own network, and meet regulatory requirements on data location. Arc policy can then watch your Git repositories for changes and pull new code and containers as they are built.
Microsoft is clear that Azure Arc is part of its Azure management platform, letting Azure Resource Manager reach into the cloud of your choice. It is linked to your existing Azure billing, but if you manage resources on AWS or another public cloud, Arc has no view of that provider’s billing and you must still use the provider’s own tools for it. Clusters don’t always have to be connected, so Azure Arc can manage clouds running on ships or in remote areas, downloading updates and new policies whenever they reconnect.
What Arc guarantees is that the same policies are applied everywhere the same code runs. Your ARM templates become policies that ensure the correct ports are open, that servers are joined to the correct domains, or that security certificates are not at risk of expiring. If you need to keep the lights on in a cloud-native infrastructure and you are already invested in Azure, this is what you need to make sure your hybrid cloud works the same way no matter where it is deployed. Just don’t forget that keeping the lights on still means managing the underlying infrastructure as you always have.