Principal Architect, Director
Centrally manage your hybrid and multi-cloud environments.
Author: Yu Li
Hybrid and multi-cloud environments are complex and present many companies with major challenges: from central monitoring, governance and security, to infrastructure operation and integration.
More about these challenges can be found in the blog «Hybrid and Multi Cloud with Google Anthos» by Matthias Hert.
Azure Arc is Microsoft's answer for hybrid and multi-cloud environments. But for which scenarios is Azure Arc really suitable? Read more in this article.
Azure Arc can unify the management of cubnets and data workloads (SQL Server and PostgreSQL). Regardless of where the Kubernetes clusters are located (on Azure, on-premises, on AWS or Google Cloud Platform) and which Kubernetes solutions are used. From a technical perspective, Azure Arc installs the agents on the target Cubernetes cluster, which then receives and executes configuration data. Based on this core capability, any number of DevOps teams can benefit from additional Azure-native capabilities regarding governance, DevOps, security and management.
Azure Arc provides governance capabilities for hybrid and multi-cloud environments based on Azure Policies and Azure Blueprints.
Azure policies can be used to ensure the overall governance of your Azure and Kubernetes installations in hybrid and multi-cloud setups.
Using Kubernetes as an example, Azure Policies define that no privileged containers are running in Kubernetes, that the current Kubernetes version has no vulnerability or that no unwanted ports are open.
Thanks to Azure Arc this capability is now also available for Kubernetes clusters outside of Azure. Azure Blueprints can be used to define the entire project setup, including Azure resources, policies and roles. Azure Arc reinforces Azure Blueprints so that a complete environment can be defined and built in a hybrid or multi-cloud setup.
For example, Azure Monitor for Container collects and visualizes CPU and memory usage metrics for controllers, nodes and containers in different Kubernetes workloads.
For example, Azure Monitor can monitor whether the CPU or memory usage of nodes exceeds the limit or whether nodes reach the invalid status NotReady several times. Azure Monitor for Container can monitor and alert the Kubernetes workloads on Azure, on-premises and other public clouds. Azure DevOps is a one-stop shop for DevOps requirements (build, test, release and reporting). Azure Arc extends the capabilities of Azure DevOps to the Kubernetes cluster outside of Azure. After a pull request is merged into Azure DevOps, changes can be automatically distributed on the cluster across multiple on-premises data centers and other clouds.
The Azure Security Center ensures that the Kubernetes cluster and the workloads running on it comply with industry standards such as ISO-27001, Azure CIS and company-specific requirements. For example, Azure verifies that the SQL Server on the Kubernetes cluster has enabled data encryption features such as Transparent Data Encryption (TDE) and that the administrator of the SQL Server is equipped with Azure AD authentication.
Azure Sentinel is a cloud-native SIEM (Security Information Event Management and SOAR (Security Orchestration Automated Response) solution. With the help of Azure Sentinel, for example, suspicious access to Kubernetes workloads can be detected on-premises and appropriate countermeasures taken by means of an automated script.
With the help of Azure Arc, it is now possible to operate end-to-end hybrid and multi-cloud management. It is also possible to categorize the resources on-premises with different «tags».
«Tags» can, for example, simplify the allocation for different departments, if for example the resources are marked with the tag «cost centers». Another major advantage is that the cloud-native interfaces, such as Azure Portal, CLI and SDK, are available to the resources on-premises thanks to Azure Arc. These interfaces can then be used to automatically manage resources on-premises, thus reducing operational overhead.
Azure Arc provides governance, DevOps, security and management capabilities for Hybrid and Mult Cloud. In which concrete business scenarios and how can Azure Arc be used? In my view, the customer portal of a health insurance company in a hybrid setup is a suitable scenario.
The digital customer experience via the customer portal is a decisive differentiation factor for health insurance companies. An appealing customer experience reduces the bounce rate and increases the NPS (Net Promoter Score). As explained in the blog «Speed in der Entwicklung dank Cloud-native» companies can use cloud-native development to deliver innovative solutions faster. Some solutions, such as chatbot for customer support and image recognition for efficient underwriting, would not be conceivable without the public cloud.
But a sophisticated health insurance customer portal also requires integration with your on-premises core systems. This is the only way to realize an end-to-end customer journey. Customers want to use the customer portal to manage their bills and policies, report claims, and view the services they receive. Such core functionalities typically have to remain on-premises for regulatory reasons or due to technical limitations.
Azure Arc makes it easy to operate a customer portal in a hybrid cloud setup and provides autonomous DevOps teams with a 360-degree view of the entire system, ensuring stable and secure operations.
The reasons for a multi-cloud strategy are manifold: regulation, market-specific framework conditions, autonomy of business units and skills, independence from a single cloud provider, specific strengths of individual cloud platforms, projects by purchased solutions or partners, etc.
However, the increasing complexity in multi-cloud setups is growing rapidly, but can remain manageable with a solution like Arc. Azure Arc provides the ability to unify the management of cubernet and data workloads in a multi cloud setup with multiple providers. This also enables the unified operation and management of Kubernetes clusters on AWS and GCP as well as on-premises.
In summary, Azure Arc can be used as a central cockpit for data and Kubernetes workloads in hybrid or multi-cloud scenarios. The available functionalities are promising. Since Azure Arc is still a relatively new service in preview status (as of August 2020) and will continue to develop, Azure Arc probably does not cover all the requirements of a company today. We therefore recommend that companies identify suitable scenarios with Azure Arc as early as possible and check the technical feasibility. However, we see Azure Arc as a very relevant solution to manage the complexity of distributed workloads in hybrid and multi-cloud setups and to enable stable and efficient operations.