The yearly Ignite conference is much like Christmas morning for Microsoft cloud enthusiasts. Microsoft parades out a bunch of shiny new services just begging to be played with. The 2019 installment was certainly no different as they showed off cool toys like Project Cortex, Endpoint Manager and Power Virtual Agents. Perhaps the most welcome gift was a new way to look at hybrid and multi-cloud environments courtesy of Azure Arc.
What is the problem Azure Arc is trying to solve?
To understand the pain point Arc is meant to heal, we need to look at the current landscape enterprises are operating within. Rarely does a company devote all its infrastructure needs to a single cloud provider. Usually, it’s infinitely more complicated than that. Oftentimes, organizations opt for a multi-cloud solution where they commit to more than one vendor to fuel their cloud strategy. In this model, you aren’t at the mercy of a single vendor should prices go up or service quality deteriorate. This approach also provides a valuable failover option should one of your cloud providers suffer an outage. In addition to multi-cloud, some organizations run part of their resources from the cloud while others remain firmly on-premises. This could follow a hybrid public and private cloud model. There are a lot of reasons organizations choose this route. For some resources, the move to the cloud doesn’t make sense. Yet another model is running resources at remote locations on the edge.
As organizations grow, this infrastructure puzzle becomes ever more intricate and difficult to manage. We start to ask questions like:
- How do we allow legacy systems, running on-prem, to participate in the cloud dance?
- How do we properly secure resources when they reside on-premises and outside of Azure?
- How can we reliably inventory, deploy, patch and maintain this expansive web of resources?
What is Azure Arc, and why is it better?
Prior to Azure Arc, there were hybrid cloud solutions like Azure Stack and AWS Outposts allowing you to bring your cloud on-prem. The big problem with these solutions is they were pricey and inflexible. They dictated that you had to use proprietary hardware from Azure or AWS, and there was no good way to cart over that legacy application that has melded to the rack. Azure has always prided itself on being at the forefront of multi-cloud and hybrid cloud solutions, so it should come as no surprise that they were actively in search of a better way.
Azure Arc allows enterprises to manage servers (Windows or Linux), Kubernetes clusters and data services (Azure SQL and PostgreSQL Hyperscale) wherever they happen to run. To understand how they did this, we need to look at how Azure currently manages resources, namely the Fabric Controller and Resource Manager. The Fabric Controller is the control plane every Azure resource goes through. It doesn’t matter if you are provisioning a VM or tearing it down. Fabric Controller digests and keeps track of all the various state changes of every resource in its domain. Azure Resource Manager (ARM) handles the lifecycle of each resource within the Fabric Controller. To allow Azure Arc to manage all these different resources, the Fabric Controller had to see the legacy hardware operating on-prem and the Kubernetes cluster running in AWS as just another resource. This is the beauty of Azure Arc.
Azure Arc is a centralized management panel to control all of your resources. It handles resource inventory, governance through Azure Policy and role-based access control (RBAC). By using ARM templates, you can extend resources outside the bounds of Azure. These templates allow you to define policies, role-based security and apply tagging to your individual resources regardless of where they reside. This makes it a breeze to manage and govern resources to meet compliance requirements.
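As an added illustration (not taken from the article or from Microsoft's documentation), the following Azure Policy definition applies one tagging rule to native Azure VMs and to Arc-connected servers alike, which is the "just another resource" idea in practice. The `owner` tag name is an assumption chosen for the example; `Microsoft.HybridCompute/machines` is the resource type Azure uses for Arc-enabled servers.

```json
{
  "properties": {
    "displayName": "Audit servers without an owner tag (Azure VMs and Arc-enabled machines)",
    "description": "Added example. The 'owner' tag name is an assumption, not a value from the article.",
    "mode": "Indexed",
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "in": [
              "Microsoft.Compute/virtualMachines",
              "Microsoft.HybridCompute/machines"
            ]
          },
          {
            "field": "tags['owner']",
            "exists": "false"
          }
        ]
      },
      "then": {
        "effect": "audit"
      }
    }
  }
}
```

Because the rule matches on resource type rather than location, an untagged on-prem server onboarded through Arc shows up in the same compliance view as an untagged Azure VM.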
Azure Security Center and Azure Monitor are integrated to help manage resources. Regardless of where a resource is deployed, it can feed its logs back to Azure Monitor. Azure Security Center can push out patches, encrypt a file system and actively work to ensure compliance. Everything is automated.
How does Azure Arc compare to AWS Outposts and Google Anthos?
If Azure Arc’s tagline were “deploy anywhere,” the tagline for AWS Outposts would be “deploy anywhere, as long as you are running AWS hardware in your data center.” Outposts aligns more closely with Azure Stack. Azure Arc allows you to sidestep that pricey hardware and enterprise support expenditure so you can run off your existing hardware. You also aren’t required to break your brain wondering how you are going to get that monolithic legacy application off its ancient hardware.
Google Anthos is a closer competitor to Arc. It can handle third-party Kubernetes clusters, run deployments and maintain consistent security policies from a single management panel. Where it fails to measure up is support for VMs. In dynamic environments where you are running a mix of different solutions, this is a must.
With the recent entry of AWS Outposts, it looked like Amazon was finally threatening to contest Microsoft’s dominance in the hybrid cloud space. Yet with the introduction of Azure Arc, Microsoft pulls ahead of the pack once again. How long will they hold the pole position? It’s hard to say in the fast-moving world of the cloud. Azure Arc solves a lot of sticky problems that enterprises operating hybrid and multi-cloud environments had been grappling with.