
Azure Arc: A new Hybrid & Multicloud Platform

Author: Partho Ganguly

Copyright © 2019 Sogeti. All rights reserved


Background

By now every organization, big or small, leverages cloud at some level, be it public (including multi-cloud) or hybrid (public & private), so a simpler yet comprehensive management and governance platform is needed for managing infrastructure from all sources: Azure, other cloud providers, or on-prem.

Microsoft has been continuously improving the control plane of Azure, which is responsible for managing the lifecycle of resources such as virtual machines, database instances and Kubernetes clusters. Technically, the control plane is called the Azure Fabric Controller. Each time a resource is provisioned, scaled, stopped, or terminated, the operation goes through the Fabric Controller.

In between the Fabric Controller and the resources there is another layer, the Azure Resource Manager (ARM), that automates the resource lifecycle. Microsoft has built resource providers for each of the services running within Azure.

What is Azure Arc

Azure Arc extends the Azure Resource Manager model down to servers and Kubernetes clusters. It is designed to manage resources in a cloud-like manner wherever they are, treating Azure's resource tooling as your control plane. Microsoft has built a lot of flexibility into the environments that Azure Arc governs: it can be used for controlling bare-metal environments as well as virtual machines running on any private or public cloud, SQL Server, or Kubernetes (K8s) clusters. All of them can be managed from the same pane of glass, where we can mix and match the monitoring and management of the environments.


Apart from managing and monitoring the resources, we can also:

  • Apply Azure RBAC to these resources
  • Apply Azure Policy to these resources
  • Monitor these resources with Log Analytics and Security Centre
  • Audit with Azure Activity Logs
  • Query with Azure Resource Graph
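The capabilities above, worked through as an example added here (this is not code from the Sogeti paper, nor Microsoft's own onboarding script): an Azure PowerShell session that inventories Arc-enabled servers through Resource Graph, assigns an audit policy to them, and scopes an RBAC assignment to a single machine instead of a whole resource group. It assumes the Az.ResourceGraph, Az.Resources and Az.ConnectedMachine modules and an existing Connect-AzAccount login; the subscription id, resource group, group object id and machine name are placeholders.

```powershell
# Added example, not part of the original paper. Assumes Az.ResourceGraph,
# Az.Resources and Az.ConnectedMachine are installed and Connect-AzAccount has run.
$subscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder
$resourceGroup  = 'rg-arc-servers'                          # placeholder
$scope          = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup"

# 1. Query with Azure Resource Graph: every Arc-registered machine, its agent status
#    and OS. A 'Disconnected' agent sends no heartbeats and is no longer evaluated by
#    Policy or fed into Log Analytics, so it is the first thing to look for.
$query = @"
resources
| where type =~ 'microsoft.hybridcompute/machines'
| project name, location, resourceGroup,
          status   = tostring(properties.status),
          os       = tostring(properties.osName),
          lastSeen = todatetime(properties.lastStatusChange)
| order by status asc
"@
$machines = Search-AzGraph -Query $query -Subscription $subscriptionId -First 1000
$machines | Format-Table name, status, os, lastSeen
$machines | Where-Object status -ne 'Connected' |
    ForEach-Object { Write-Warning "$($_.name) is $($_.status) since $($_.lastSeen)" }

# 2. Apply Azure Policy: audit any Arc machine that lacks a required tag.
#    'Microsoft.HybridCompute/machines' is the ARM resource type Arc registers servers as.
$rule = @'
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.HybridCompute/machines" },
      { "field": "[concat('tags[', parameters('tagName'), ']')]", "exists": "false" }
    ]
  },
  "then": { "effect": "audit" }
}
'@
$params = @'
{ "tagName": { "type": "String", "metadata": { "displayName": "Required tag name" } } }
'@
$definition = New-AzPolicyDefinition -Name 'audit-arc-machine-tag' `
    -DisplayName 'Arc-enabled servers must carry an owner tag' `
    -Mode Indexed -Policy $rule -Parameter $params
New-AzPolicyAssignment -Name 'audit-arc-owner-tag' -Scope $scope `
    -PolicyDefinition $definition -PolicyParameterObject @{ tagName = 'owner' }

# 3. Apply Azure RBAC at the granularity of one Arc resource: grant a group the
#    built-in 'Azure Connected Machine Resource Administrator' role on a single
#    machine, rather than Contributor on the resource group (least privilege).
$groupObjectId = '11111111-1111-1111-1111-111111111111'   # placeholder Azure AD group
$machine = Get-AzConnectedMachine -ResourceGroupName $resourceGroup -Name 'onprem-web-01'  # placeholder
New-AzRoleAssignment -ObjectId $groupObjectId `
    -RoleDefinitionName 'Azure Connected Machine Resource Administrator' `
    -Scope $machine.Id
```

The same assignments and queries can be driven from the Azure CLI or the REST API; the point is that once a server is an ARM resource, the tag, Policy and RBAC mechanisms already used for native Azure VMs apply to it unchanged.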

How it works

As part of setting up the service, Azure Arc generates a custom script that runs on unconnected servers, downloading and installing the agent before connecting to Azure and adding the server as a resource.

Support & pre-requisites:

To use Arc, we first need to be running a supported OS; for VMs this is:

  • Windows Server 2012 R2 and newer
  • Ubuntu 16.04 and 18.04


To allow the agent to communicate with Azure, the VMs need outbound connectivity on port 443 (SSL) to Azure. The full list of addresses the agent needs to connect to can be found in Microsoft's Azure Arc documentation.
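A pre-flight check for the two prerequisites just stated (a supported OS and outbound 443), as an added example that is not part of the original paper: a PowerShell function to run on a candidate Windows server before the generated onboarding script. The function name is this example's own, the two endpoints are illustrative Azure endpoints the agent reaches and not the full list, and the proxy display at the end is an addition because a forgotten WinHTTP proxy is the usual reason the agent cannot connect even when the firewall allows 443.

```powershell
# Added example, not part of the original paper. Run on the server to be onboarded.
function Test-ArcPrerequisite {
    param(
        # Illustrative endpoints only; extend with the full list from Microsoft's
        # Azure Arc network requirements.
        [string[]]$Endpoint = @('management.azure.com', 'login.microsoftonline.com'),
        [int]$Port = 443
    )
    $ok = $true

    # Windows Server 2012 R2 reports kernel version 6.3; anything older is unsupported
    # according to the list above. Win32_OperatingSystem is reliable where
    # [Environment]::OSVersion may be capped by application manifests.
    $osVersion = [version](Get-CimInstance Win32_OperatingSystem).Version
    if ($osVersion -lt [version]'6.3') {
        Write-Warning "Unsupported OS version $osVersion (need Windows Server 2012 R2 or newer)"
        $ok = $false
    } else {
        Write-Host "OS version $osVersion is supported"
    }

    # Only outbound TCP 443 is required: the agent initiates every connection to Azure,
    # so no inbound firewall rule is needed and none should be opened.
    foreach ($target in $Endpoint) {
        $result = Test-NetConnection -ComputerName $target -Port $Port -WarningAction SilentlyContinue
        if ($result.TcpTestSucceeded) {
            Write-Host "  ${target}:$Port reachable"
        } else {
            Write-Warning "  ${target}:$Port blocked - check egress firewall or proxy rules"
            $ok = $false
        }
    }

    # The agent honours the system WinHTTP proxy; show it so a stale setting is visible.
    $proxy = (netsh winhttp show proxy) -join ' '
    Write-Host "WinHTTP proxy: $proxy"

    return $ok
}

if (-not (Test-ArcPrerequisite)) { exit 1 }
```

A non-zero exit lets the check gate an automated rollout: the onboarding script only runs on hosts where both prerequisites hold, so partially-onboarded servers (agent installed, never connected) do not accumulate.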

As stated above, Azure Arc uses ARM with local agents and resource providers to manage VMs, Kubernetes clusters and the new Azure Stack HCI (where Arc is built into the OS), as well as the services (Azure Data Services) that you can run on top of them. Arc ties into ARM features like tags, policy and RBAC, and into Azure Management logs and Azure Policy.

You still use native tools for provisioning VMs and clusters, for upgrades and lifecycle management, and for monitoring: tools like kubectl, Helm charts, CRDs, Grafana and the GitOps workflow that has become common for Kubernetes, or PowerShell and Windows Admin Center.


Why we should use Arc

Azure Arc is aimed at clients or customers who have machines outside of Azure that they need to manage, and who have already invested in Azure as their primary cloud. If they have already set up RBAC and Policies in Azure, then being able to apply these to external machines can make their governance and security much more consistent and easier to manage.

Extending beyond VMs into Kubernetes also means that Azure Arc can help customers manage policies across their Kubernetes portfolio, enforcing best practice.


The ability to include machines in Log Analytics and Security Centre and to have activity logs for them also means they get logs and audit trails all in one place, in a consistent format.

By adding external resources into Azure, one also gains the ability to manage them in Azure, through the portal but, perhaps more importantly, through the REST API, PowerShell and the CLI.

Finally, for those who want to run other Azure resources, such as Azure SQL, outside of Azure, Arc provides the platform for doing so.

Comparison with competitors

Azure Arc vs AWS Outposts

AWS Outposts are purpose-built, Amazon-designed, hyper-converged infrastructure appliances comprising compute, memory, storage and networking. Since AWS Outposts appliances are based on the AWS Nitro System, they come in custom configurations.

Amazon customers subscribe to the Outposts service just like they consume EC2 instances. They don't own the infrastructure.

AWS Outposts customers choose from two different stacks: an AWS-only flavour with the familiar AWS APIs and control plane, or a VMware variant that runs vSphere, vSAN and NSX as part of the VMware SDDC stack.

Some of the AWS managed services, such as Application Load Balancer (ALB), Amazon ECS and Amazon EKS for containers, Amazon EMR for big data and Amazon RDS for databases, run on AWS Outposts.

When compared to AWS Outposts, Microsoft Azure Arc doesn't need proprietary hardware. Any Linux or Windows VM can be registered and managed through Azure. AWS Outposts are comparable to Azure Stack Hub managed through Azure Arc.

Though Outposts run container infrastructure through ECS and EKS, unlike Azure Arc, AWS cannot manage external clusters to roll out policies and configuration.

AWS Outposts is an extension of EC2 that can run some of the AWS managed services. Azure Arc is a much broader hybrid cloud platform with support for a variety of compute environments running in the enterprise data center. If the environment can run a managed Kubernetes cluster, Azure Arc can deploy data services.

Azure Arc vs Google Anthos

Anthos from Google is a hybrid cloud platform built using modern infrastructure building blocks such as Kubernetes, Istio, and Knative. It is a logical extension of Google Kubernetes Engine that runs in the customer environment.

Through the acquisition of Velostrata, Google has built tools that convert traditional virtual machines to containers running on Kubernetes. Though technically Anthos can run VMs and containers side by side, Google encourages customers to modernize their apps through containerization.

Google is slowly but steadily porting some of its managed services, such as Dataproc, Cloud Run, and Kubeflow, to Anthos. Other services from the data and AI portfolio are expected to be ported to Anthos in the future.

Anthos can also manage third-party Kubernetes clusters through a single control plane. It can also apply and manage configuration policies and security settings from a central location.

There are quite a few similarities between Google Anthos and Azure Arc. Both can register external clusters and manage them through the same control plane. Both platforms can deploy applications across multiple clusters. Like Anthos, Azure Arc takes advantage of the Kubernetes foundation to run managed data services.

But the key difference with Azure Arc is the first-class support for VMs. Customers can easily mix and match physical servers, VMs, and Kubernetes clusters within the hybrid environment.

Google is yet to bring managed database services such as Cloud SQL and Bigtable to Anthos. Azure Arc runs SQL and PostgreSQL Hyperscale from day one.

Anthos includes Cloud Run and Knative to simplify the developer experience of dealing with Kubernetes. Azure Arc encourages developers to embrace the OAM design and deploy applications based on Rudr and Dapr.

Next Steps:

As a next step, we will dig deeper into how to set up Arc for VMs, along with Azure monitoring support.

References:

https://www.forbes.com/sites/janakirammsv/2019/11/05/why-azure-arc-is-a-game-changer-for-microsoft

https://thenewstack.io/azure-arc-is-developing-into-a-full-hybrid-infrastructure-system/


About Sogeti

Sogeti is a leading provider of technology and engineering services. Sogeti delivers solutions that enable digital transformation and offers cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Digital Assurance & Testing, and emerging technologies. Sogeti combines agility and speed of implementation with strong technology supplier partnerships, world class methodologies and its global delivery model, Rightshore®. Sogeti brings together more than 25,000 professionals in 15 countries, based in over 100 locations in Europe, USA and India. Sogeti is a wholly-owned subsidiary of Capgemini SE, listed on the Paris Stock Exchange.

Learn more about us at www.sogeti.com