A Closer Look At Azure Arc – Microsoft’s Hybrid And Multi-Cloud Platform

Source: forbes.com

At Build 2020, Microsoft announced the public preview of Azure Arc-enabled Kubernetes.

Azure Arc, the hybrid and multi-cloud platform, was originally announced at the Ignite conference last year. I spent the weekend exploring the architecture of Azure Arc along with the key scenarios it enables for enterprise customers.

Here is an analysis of Azure Arc along with the features available in public preview:

Azure Arc delivers three capabilities: managing VMs running outside of Azure; registering and managing Kubernetes clusters deployed within and outside of Azure; and running managed data services based on Azure SQL and PostgreSQL Hyperscale in Kubernetes clusters registered with Azure Arc.

As of Build 2020, Microsoft has opened up the first two features of Azure Arc: management of VMs and of Kubernetes clusters running outside of Azure. Azure Arc-enabled data services are still in private preview.

Azure Arc for Servers – Bring your own machine to the cloud

With Azure Arc for servers, customers can connect Linux and Windows machines (physical and virtual) hosted outside of Azure as resources in the Azure control plane.

When an external machine is connected to Azure, it becomes a hybrid, connected machine that is treated as a resource in Azure. Each connected machine has an Azure resource identifier which is managed as part of a resource group inside a subscription. It benefits from standard Azure constructs such as applying tags and enforcing an Azure Policy.

Registering a machine with Azure Arc is easy. Customers need to install the Azure Connected Machine agent, which is available for both Windows and Linux. The agent periodically sends a heartbeat to the Azure control plane to signal that it is ready to accept configuration changes.

The Connected Machine agent can be deployed in a variety of OS environments including Windows Server 2012 R2 or higher, Ubuntu 16.04, SUSE Linux Enterprise Server 15, Red Hat Enterprise Linux 7, and even Amazon Linux 2.

The registered machines are listed in the same Azure resource group that has native Azure VMs running in the public cloud. Customers can apply labels to any VM in the resource group to include or exclude them in a policy. Participating machines can be audited by an Azure Policy and an action can be taken based on the outcome.

For example, an enterprise IT team can impose a policy to ensure that all Linux machines only have SSH-enabled accounts and disable those accounts that use passwords. This policy will be run on all the Linux machines belonging to a resource group irrespective of their location.

The Connected Machine agent can be managed through Microsoft Update on Windows machines and is upgraded manually on Linux machines.

At Build 2020, Microsoft announced Arc’s support for SUSE Linux Enterprise Server and Red Hat Enterprise Linux.

Azure Arc-enabled Kubernetes – Bring your own Kubernetes cluster to the cloud
Similar to how VMs can be onboarded to Azure, Kubernetes clusters can be brought into the fold of Azure Arc.

Customers can attach Kubernetes clusters running anywhere outside of Azure to Azure Arc. This includes bare-metal clusters running on-premises, managed clusters such as Amazon EKS and Google Kubernetes Engine, and enterprise PaaS offerings such as Red Hat OpenShift and Tanzu Kubernetes Grid.

Similar to the Connected Machine agent pushed to a VM, Azure Arc deploys an agent under the azure-arc namespace. It does exactly what the VM agent does – watch for configuration requests. Apart from that, the Arc agent running in a Kubernetes cluster can send telemetry to Azure Monitor. The telemetry includes inventory, Kubernetes events, container stdout/stderr logs, and node, container, Kubelet, and GPU performance metrics.

Once the agent is deployed in a Kubernetes cluster, it can participate in the GitOps-based configuration management and policy updates.

For example, a cluster administrator can roll out a policy to prevent privileged pods from running in a specific namespace.
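
The policy in this example, written as an added audit over parsed manifests (this is not Azure Policy's or Azure Arc's own code). The restricted namespace `payments`, the function names, and the sample objects are constructed assumptions.

```python
RESTRICTED_NAMESPACES = {"payments"}  # assumption: namespace covered by the policy

def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload that embeds a pod template."""
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    if obj.get("kind") == "CronJob":
        return (obj.get("spec", {}).get("jobTemplate", {}).get("spec", {})
                .get("template", {}).get("spec", {}))
    return obj.get("spec", {}).get("template", {}).get("spec", {})

def privileged_containers(obj):
    """Names of containers, in every container list, that request privileged mode."""
    spec = pod_spec(obj)
    found = []
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(field) or []:
            if (c.get("securityContext") or {}).get("privileged") is True:
                found.append(c.get("name", "<unnamed>"))
    return found

def audit(objects, restricted=RESTRICTED_NAMESPACES):
    """Return (namespace, kind, name, container) for each violation."""
    violations = []
    for obj in objects:
        meta = obj.get("metadata", {})
        ns = meta.get("namespace", "default")
        if ns not in restricted:
            continue  # the policy is scoped to specific namespaces
        for cname in privileged_containers(obj):
            violations.append((ns, obj.get("kind"), meta.get("name"), cname))
    return violations

# Constructed sample manifests (already parsed from YAML).
SAMPLE = [
    {"kind": "Pod", "metadata": {"name": "api", "namespace": "payments"},
     "spec": {"containers": [{"name": "app", "securityContext": {"privileged": False}}]}},
    {"kind": "Deployment", "metadata": {"name": "agent", "namespace": "payments"},
     "spec": {"template": {"spec": {
         "initContainers": [{"name": "setup", "securityContext": {"privileged": True}}],
         "containers": [{"name": "main"}]}}}},
    {"kind": "Pod", "metadata": {"name": "debug", "namespace": "dev"},
     "spec": {"containers": [{"name": "shell", "securityContext": {"privileged": True}}]}},
]

if __name__ == "__main__":
    for violation in audit(SAMPLE):
        print("DENY", *violation)
```

Checking init and ephemeral containers as well as workload templates matters here: a check that only reads `spec.containers` of bare Pods misses the Deployment in the sample.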

Applications and configurations that impact all the clusters can be pushed via the GitOps model. GitOps encourages maintaining and versioning configuration along with the source code in a source code management system such as GitHub or GitLab. A deployment agent within the Kubernetes cluster watches the changes made to the repository and immediately synchronizes the changes.

Microsoft is relying on Flux, an open source GitOps deployment tool that is currently a Cloud Native Computing Foundation (CNCF) sandbox project.

With GitOps, cluster administrators can centrally manage a variety of mundane tasks such as the creation of namespaces, RBAC, registry secrets and more.

Azure Arc-enabled Kubernetes ensures that the workloads match the desired state of the configuration by monitoring the drift and automatically applying the required changes.
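
A minimal sketch of the drift check described above, added here for illustration (it is not Flux or Azure Arc code). It compares the objects declared in the repository with what the cluster reports; the object names, the `team-a` namespace, and the helper functions are constructed assumptions.

```python
import hashlib
import json

# Fields the API server fills in; ignored so they never count as drift.
SERVER_TOP = ("status",)
SERVER_META = ("uid", "resourceVersion", "creationTimestamp", "generation", "managedFields")

def key(obj):
    meta = obj["metadata"]
    return (obj["kind"], meta.get("namespace", ""), meta["name"])

def fingerprint(obj):
    """Stable hash of the declared (non server-generated) part of an object."""
    clean = {k: v for k, v in obj.items() if k not in SERVER_TOP}
    clean["metadata"] = {k: v for k, v in obj["metadata"].items() if k not in SERVER_META}
    return hashlib.sha256(json.dumps(clean, sort_keys=True).encode()).hexdigest()

def plan(desired, live):
    """Compare repository state with cluster state; return the actions a sync needs."""
    want = {key(o): o for o in desired}
    have = {key(o): o for o in live}
    return {
        "create": sorted(k for k in want if k not in have),
        "update": sorted(k for k in want
                         if k in have and fingerprint(want[k]) != fingerprint(have[k])),
        "unmanaged": sorted(k for k in have if k not in want),
    }

def binding(name, role):
    # Helper for the constructed sample data below.
    return {"kind": "RoleBinding", "metadata": {"name": name, "namespace": "team-a"},
            "roleRef": {"kind": "ClusterRole", "name": role}}

# Constructed sample: what the Git repository declares ...
DESIRED = [
    {"kind": "Namespace", "metadata": {"name": "team-a"}},
    binding("dev-view", "view"),
    {"kind": "Secret", "metadata": {"name": "regcred", "namespace": "team-a"},
     "type": "kubernetes.io/dockerconfigjson"},
]
# ... and what the cluster reports (one edited binding, one extra, secret missing).
LIVE = [
    {"kind": "Namespace", "metadata": {"name": "team-a", "uid": "constructed-uid",
                                       "resourceVersion": "42"}, "status": {"phase": "Active"}},
    binding("dev-view", "admin"),
    binding("temp-admin", "cluster-admin"),
]

if __name__ == "__main__":
    for action, keys in plan(DESIRED, LIVE).items():
        print(action, keys)
```

The `update` and `unmanaged` entries are the ones worth alerting on: both represent RBAC changes made directly in the cluster rather than through a reviewed commit.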

Azure Arc-enabled Kubernetes comes with three capabilities:

Global inventory management – You can onboard all the Kubernetes clusters irrespective of their deployment location to manage them from a single location.

Centralized workload management – With Azure Arc, it is possible to roll out applications and configuration to hundreds of registered clusters with one commit to the source code repository.

Policy-driven cluster management – Ensure that the cluster runs the policies by centrally governing and auditing the infrastructure.

Microsoft has partnered with Red Hat, SUSE, and Rancher to officially bring OpenShift, SUSE CaaS and Rancher Kubernetes Engine to Azure Arc.

Key takeaways
With Azure Arc, Microsoft has taken a different approach to hybrid and multi-cloud. It’s leveraging its strong public cloud footprint and enterprise presence to build a solid bridge between on-premises infrastructure and cloud.

Azure Arc’s simplicity and transparency will convince enterprises to adopt the platform. Unlike other hybrid environments, Azure Arc onboards VMs and Kubernetes clusters to the public cloud with just one command.

Microsoft scores additional points for adopting the open source Flux project as the choice of GitOps tool for Azure Arc. It brings transparency to the platform while providing confidence to users.

As Flux matures and graduates from the CNCF sandbox, Azure Arc will benefit from it. Microsoft should consider increasing its contribution to the Flux project based on the feedback from Azure Arc users.

With Azure IoT Edge, Azure Stack Edge and Azure Arc, Microsoft covers the whole spectrum spanning the edge, data center, and the cloud.

With Azure Arc for data services, customers will benefit from the ability to run managed database services in any Kubernetes cluster managed by Azure Arc. This capability will emerge as the key differentiating feature of Azure Arc.
