For those at Ignite today, there was some pretty big announcements from Microsoft and especially around hybrid management. Now previosly AWS and Google has had the upper hand with their edge funtionality mainly that they can provide their own services running on existing virtualized platforms and Microsoft has only had Azure Stack which means that you still need to have two different platforms for management.
You can also view the blogpost announcement here –> https://azure.microsoft.com/nb-no/blog/azure-services-now-run-anywhere-with-new-hybrid-capabilities-announcing-azure-arc/
Now this is where Azure ARC comes in, think about it as extending Azure management to any infrastructure for unified management, governance and control across clouds, datacenters and edge.
When you think about it, this is what AWS and Google are doing with their Hybrid Services? where you have the same management plane, but services across. I think that this was what Microsoft did wrong with Azure Stack having a seperate management plane (I get the point with disconnected but still…) With ARC you will have the capability that you have been investing into with all the security features within to manage resources.
In essence it is a couple of things that are coming that was announced:
- Hybrid Management for Servers (Meaning that you have an agent installed on your servers) in the preview Azure ARC supports. Windows Server 2012 R2 and newerUbuntu 16.04 and 18.04. Where the agent will communicate back to the Azure control plane. As of know the supported features are Policies and reporting, if you want to have more monitoring or security features such as Microsoft Defender ATP and Log Analytics you need to have more agents installed. (Please make sure you read the Azure Resource Manager limits, and plan for the number of the machines to be connected according to the guideline listed for the subscription, and for the resource groups. In particular, by default there is a limit of 800 servers per resource group.) you can download the agent here –> https://aka.ms/AzureConnectedMachineAgentYou can read more about getting started here –> https://docs.microsoft.com/en-us/azure/azure-arc/servers/overview
- Hybrid Management for Kubernetes which is essentially where the Azure ARC Fabric Controller is running. ARC is running as a Pod within your Kubernetes enviroment where is has access to that you can deploy new servics against the kubernetes enviroment. This can only be possible if the Kubernetes enviroment has access to a public Repo which ARC can reach from. Essentially using ARC you are pushing commands to a queue which the Arc fabric controller is listening to, then a new command is issued such as a deployment, it will take that command pull it down.
- Hybrid Data Services (Which you can read more about here –> https://azure.microsoft.com/en-us/services/azure-arc/hybrid-data-services/) but it is essentially a way to deliver Azure Services anywhere. Azure SQL Database and Azure Database for PostgreSQL Hyperscale are now available on Azure Arc for private preview. Over time, we will bring other Azure data services to Azure Arc. Azure data services on Azure Arc requires you to have a Kubernetes cluster as the orchestrating fabric in your environment to run Azure data services on the hardware of your choice. We will work with major Kubernetes distributions as supported options.
- API Management also running as a containerized workload on-prem but managed trough Azure Management Portal.
Now of course access to the different servies and servers can be used in combination with Azure Active Directory and other features such as Azure Lighthouse and other RBAC mechanisms.
This Hybrid Management Service allows you to manage non-Azure servers: on-premise servers, virtual or physical; or virtual machines in other hosted clouds. It allows your non-Azure servers to be treated as resources in Azure. Each server has a Resource ID, is managed as part of a Resource Group inside a subscription,
and benefits from standard Azure services such as Policy and tagging. Azure Arc automates database management tasks for management at scale. Fast provisioning, patching, setting up HA, backup-restore, and on demand elastic scale are available out of the box. Azure Arc also enables you to extend Advanced Data Security, Azure Backup, Monitoring, Role-based Access Control and Azure Policies for databases running in your environment.
Now you need to be aware of that ARC is not going to introduce a whole lot of new features yet, perhaps more PaaS services on Kubernetes but Microsoft already has a long list of services which support Hybrid using a set of different agents for such as Log Analytics, Backup, Security and such. Hopefully moving forward they can have one agent in the core which you can use for the entire aspect.
From within the Azure Portal you can also see Arc, so if you want to try this you need to sign up for the preview 🙂
This is a example of the dashboad where we are using Azure Management Portal as the main management plane for other services
What is it missing?
Now this is still in the early phases, but some of the functionality I hope will come in a future part of the product
- ARM Resource Providers for on-prem – We are using ARM for mostly automation, and be able to extend that to on-prem using ARM as a consistent layer for provisioning would be a great option. That would require that Microsoft extends ARM to plug into the hypervisor layer for Hyper-V and VMware and such, but that shouldn’t be to difficult
- Extensions – Having the ability to use the hosted VM agent as a way to deploy more resources inside the OS and not just policies.
- Management capabilities – What if we could use Bastion in Azure and using a reverse TCP session back to the on-prem enviroment? or bringing bastion as a container services as a way to reach on-prem enviroments.
Just some ideas, looking forward to see how it evolves