By Tony Baer (dbInsight) and Azure Security News
As Mary Jo Foley reported this week, hybrid cloud drew a cluster of announcements at Microsoft Ignite. Among them were the general availability of Azure Arc enabled servers, which enables connecting any server to Azure, where it can be managed from a single pane of glass, and the public preview of Azure Arc enabled data services, which include a choice of Azure SQL Managed Instance and PostgreSQL Hyperscale.
A year after Azure Arc’s announcement, over a thousand preview customers have given the software-defined hybrid platform a stress test, and the core platform is now entering general release. Given that hybrid cloud computing can mean many different things – are we talking appliance or software, vendor- or enterprise-control, Kubernetes or not – we thought it would be a good time to look more closely at what the hybrid cloud experience will mean for Arc customers.
According to Microsoft, some Azure Arc preview customers have stress tested it at scale, governing up to thousands of physical and virtual servers. So how are early customers using Azure Arc? Avanade, a longtime Microsoft systems integration partner, is using Arc in conjunction with Azure Lighthouse to monitor customer environments. Specifically, they collect telemetry and inventory data to generate recommendations on how to save money and how and what to migrate to the cloud. Siemens Healthineers, which supplies high-tech medical equipment to hospitals, implemented Azure Arc to deliver SaaS services to clients where patient privacy policies compelled them to maintain data on premises. Africa’s Talking, a provider of telco payments solutions to mobile providers, is using Arc to centrally manage hundreds of edge locations.
What is the hybrid experience like? The core notion is layering the cloud control plane inside an enterprise’s own data center. Beyond that, what hybrid cloud actually is varies widely. Our research from earlier this year pointed out the looseness of the concept: the definition of what makes a hybrid cloud ranges from software-defined environments to appliances that the vendor may or may not manage. So, when an enterprise implements a hybrid cloud platform, how is the environment being controlled?
At Ignite, Microsoft provided its answer on how Azure Arc brings cloud control on premises. The cornerstone of Azure Arc is Azure Resource Manager, the nerve center that is used for creating, updating, and deleting resources in your Azure account. That encompasses allocating compute and storage to specific workloads and then monitoring performance, policy compliance, updates and patches, security status, and so on.
You can also fire up and access Azure Resource Manager through several paths ranging from the Azure Portal to APIs or command line interface (CLI). It provides a single pane of glass for indicating when specific servers are out of compliance; specific VMs are insecure; or certificates or specific patches are out of date – and it can then show recommended remedial actions for IT and development teams to take. While it requires at least some connection to the Azure Public Cloud, it can run offline when the network drops.
Microsoft has built in a lot of flexibility as to the environments that Azure Arc governs. It can be used for controlling bare metal environments as well as virtual machines running on any private or public cloud, SQL Server, or Kubernetes (K8s) clusters. And they can all be managed from the same pane of glass, where you can mix and match the monitoring and managing of any or all of those bare metal and virtualized environments.
Given that the initial release of Azure Arc does not have any Azure PaaS or SaaS services, it is meant for connecting existing enterprise database and application workloads to the new control plane. And as with any legacy scenario, there may be variations as to what’s governed or tracked from one organization to the next. Many enterprises already have an on-prem set of management tools, and with Azure Arc you can continue using them for some servers or workloads while using Azure counterparts for managing others that benefit from Azure management automation.
Lately, many cloud providers are getting onboard the train to demonstrate hybrid platforms that support multi-cloud deployment. A few weeks back, we added our own two cents to the issue – there’s going to be a lot more management overhead when you bridge multiple clouds. In conjunction with a related announcement – Azure Arc enabled data services was becoming available in public preview – Microsoft demonstrated how identical K8s clusters running Azure SQL Managed Instance could be deployed in rival clouds. Out of the box, Azure Arc enabled data services supports K8s configurations for Red Hat OpenShift and the K8s services of each of the major cloud providers: Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE).
In the demo, a YAML file specifying the configuration for an Azure SQL Managed Instance in a K8s cluster was downloaded from a Git repository, and then instantiated in each of the clouds. A simple script can then be run to check the status of each of the deployments. Azure Arc can be set up to poll the Git repository for any updates and, if necessary, automatically patch existing K8s clusters under its control.
Because they are Microsoft-provided services, Arc enabled data services are managed differently from the customer’s own legacy systems running under Arc. Just as in the public cloud, Microsoft automatically updates and patches implementations of SQL Managed Instance and PostgreSQL Hyperscale. Instances can also be provisioned via self-service using Azure Data Studio, or manually through CLI or K8s tooling.
The demonstration showed how applying a cloud control plane can meet the promise of IT operational simplification. The good news with Azure Arc is that it allows enterprises to choose their own paths for making the transition. Your team does not necessarily need to become Kubernetes experts overnight; it can work with the virtualization schemes that it already has, and with Arc, your team can be selective by server as to whether to continue utilizing existing security tools or compliance audits, for example. Azure Arc provides the single control plane for governance, but also lets you manage with existing tools for servers or workloads that are not yet readied for full cloud-native control.
Microsoft is hardly the only provider to offer a smorgasbord of options for transitioning from your on-premises legacy to cloud management – VMware also provides its own paths for AWS and Azure, for instance. Instead, the real challenge for IT teams is that embracing cloud-based control will require unlearning old habits.