Understanding Azure Arc
Now that we know what Azure Arc is and how it helps organizations bring agility to their hybrid cloud operations and governance, let's understand the technology behind it and how Microsoft is extending Azure to non-Azure environments.
Azure Resource Manager
ARM is the backbone of the Azure public cloud platform. All requests to Azure are received by ARM and then passed on to the backend control plane of various services. In simple words, ARM handles the deployment and management portion of your Azure environment.
There are various resource providers in Azure, such as Microsoft.Compute and Microsoft.Network. Each resource provider offers certain services and ARM is the way you interact with the resource providers. The Microsoft.Compute resource provider is responsible for resources such as VMs, VM scale sets, disks, and availability sets.
You can view the list of resource providers available in your subscription by using the following instructions. Let's take a look:
- Navigate to the Azure portal (https://portal.azure.com).
- Log in with your preferred Azure account.
- In the search bar, search for Subscriptions.
- Select any of your existing subscriptions and look for Resource providers on the left-hand side.
You can see all the resource providers here; some may not be registered for your subscription. In order to use services by the resource providers, you must register them first. Typically, ARM handles this for you for common resource providers by default.
ARM, along with resource providers, builds what's called the control plane of Azure.
The Azure control plane beyond Azure – Azure Arc
Azure Arc extends the Azure control plane to non-Azure environments. Essentially, you leverage the same ARM and resource provider technologies to manage your non-Azure environment.
Azure Arc introduces new resource providers for managing non-Azure environments. At the time of writing this book, this includes Microsoft.HybridCompute and Microsoft.AzureArcData along with Microsoft.GuestConfiguration, which is responsible for providing Azure policy services across both Azure and non-Azure environments.
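The portal check described earlier can also be scripted for the three Arc resource providers named above. The following is an added example, not code from the book: it assumes the listing comes from `az provider list --query "[].[namespace, registrationState]" -o tsv`, and the function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report Azure Arc resource providers that are not registered.
# Assumed input: tab-separated "namespace<TAB>registrationState" lines, e.g. from
#   az provider list --query "[].[namespace, registrationState]" -o tsv

ARC_PROVIDERS="Microsoft.HybridCompute Microsoft.AzureArcData Microsoft.GuestConfiguration"

# Reads the TSV listing on stdin and prints "namespace<TAB>state" for every Arc
# provider whose state is not "Registered". A provider missing from the listing
# is reported with the placeholder state "Absent".
arc_providers_unregistered() {
  awk -F'\t' -v wanted="$ARC_PROVIDERS" '
    BEGIN { n = split(wanted, names, " ") }
    { state[tolower($1)] = $2 }   # compare namespaces case-insensitively (defensive choice)
    END {
      for (i = 1; i <= n; i++) {
        key = tolower(names[i])
        s = (key in state) ? state[key] : "Absent"
        if (s != "Registered") print names[i] "\t" s
      }
    }'
}

# Constructed sample listing (not output from a real subscription).
sample_listing() {
  printf 'Microsoft.Compute\tRegistered\n'
  printf 'Microsoft.Network\tRegistered\n'
  printf 'Microsoft.HybridCompute\tRegistered\n'
  printf 'Microsoft.GuestConfiguration\tNotRegistered\n'
}

# Print the registration command for each gap rather than running it,
# so the change can be reviewed before it touches the subscription.
sample_listing | arc_providers_unregistered | while IFS="$(printf '\t')" read -r ns st; do
  echo "$ns is $st -> az provider register --namespace $ns"
done
```

Against a live subscription, replace `sample_listing` with the `az provider list` command shown in the header comment.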
Exploring Azure Arc services
Azure Arc is a group of services offered to enable hybrid cloud functionality across various technologies, including computers and data. Let's dive into each service and see what they offer.
Azure Arc-enabled servers
Azure Arc-enabled servers allow you to manage and govern your Windows and Linux servers running outside Azure. You can onboard your servers running on physical servers or as VMs on your network or other public cloud platforms, to Azure. Once a server is onboarded, it is treated as a first-class citizen in Azure; that is, you will see a dedicated Azure resource for each onboarded server.
In Azure Arc terminology, each onboarded server is called a connected machine. Each connected machine has its own Azure resource ID and can be managed through the Azure portal, CLI, APIs, PowerShell, or any supported SDK and third-party automation products.
Azure Arc-enabled servers are generally available, that is, they can be used in production.
Supported scenarios
At the time of writing this book, management and governance for Arc-enabled servers are limited to the following scenarios. This list will continue expanding, so be sure to check the Azure Arc-enabled servers documentation (https://docs.microsoft.com/en-in/azure/azure-arc/servers/) to stay updated on supported scenarios.
The scenarios are as follows:
- Guest configurations with Azure Policy (https://docs.microsoft.com/en-us/azure/governance/policy/overview)
- Change tracking and inventory management with Azure Automation (https://docs.microsoft.com/en-in/azure/automation/)
- Monitoring through Azure Monitor (https://docs.microsoft.com/en-in/azure/azure-monitor/insights/vminsights-overview)
- Consistent deployments with desired state configuration and custom extensions
- Update Management through Azure Automation
- Security, compliance, and threat detection with Azure Security Center (https://docs.microsoft.com/en-in/azure/security-center/security-center-introduction)
We will be discussing Azure Arc-enabled servers in detail in future chapters.
Azure Arc-enabled Kubernetes
Azure Arc-enabled Kubernetes allows you to manage and perform consistent deployment on Kubernetes clusters running outside Azure, the same way you do for Azure's native Kubernetes offering, that is, Azure Kubernetes Service.
At the time of writing, Azure Arc-enabled Kubernetes is in preview. It is not recommended to use preview services in production.
Supported scenarios
Let's look at what you can do with your Kubernetes clusters once they're in Azure. This list will continue expanding, so be sure to check the Azure Arc-enabled Kubernetes documentation (https://docs.microsoft.com/en-us/azure/azure-arc/kubernetes/overview) to stay updated on supported scenarios:
- Consistent deployment with GitOps (https://www.gitops.tech/)
- Cluster configuration management and compliance with Azure Policy
- Monitoring with Azure Monitoring for containers (https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-overview)
Azure Arc-enabled data services
Azure Arc-enabled data services let you run Azure's cloud database runtime in your environment. You will need to have a supported Kubernetes cluster to deploy these services.
At the time of writing this book, you can deploy the following data services to a supported Kubernetes cluster running anywhere:
- Azure Database for PostgreSQL (Hyperscale) (https://azure.microsoft.com/en-in/services/postgresql/)
- Azure SQL Managed Instance (https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/sql-managed-instance-paas-overview)
Supported scenarios
Let's take a look at some of the supported scenarios with Azure Arc-enabled data services. This list will continue expanding, so be sure to check the Azure Arc-enabled data services documentation (https://docs.microsoft.com/en-us/azure/azure-arc/data/overview) to stay updated on supported scenarios:
- Run PostgreSQL Hyperscale or Managed Instance databases in a non-Azure environment. It includes the features and capabilities supported by these cloud databases.
- Backup and recovery.
- Scale up and down dynamically.
- Two connectivity modes (directly connected and indirectly connected).
- Security and governance through your familiar Azure tools.
- Support for Azure Data Studio.
- Monitor with Azure Monitor.
We will be discussing the supported scenarios and limitations in the respective chapters.
Important note
The feature set of Azure Arc-enabled data services and their respective cloud database service isn't identical. Please refer to the Microsoft documentation (https://docs.microsoft.com/en-in/azure/azure-arc/) to learn more about limitations and so on.
At the time of writing, Azure Arc-enabled data services are in preview. It is not recommended to use preview services in production.
Azure Arc-enabled SQL Server
Azure Arc-enabled SQL Server lets you manage the SQL servers deployed outside Azure. Azure SQL databases have strong data protection capabilities through their advanced data security services. With Azure Arc-enabled SQL Server, you can leverage the same security capabilities for your SQL servers running outside Azure.
Azure Arc-enabled SQL Server is part of the Azure Arc-enabled servers. This service is still in preview. It is not recommended to use preview services in production.
Supported scenarios
Let's look at some of the supported scenarios with Azure Arc-enabled SQL Server. This list will continue expanding, so be sure to check the Azure Arc-enabled SQL Server documentation (https://docs.microsoft.com/en-us/sql/sql-server/azure-arc/overview) to stay updated on supported scenarios:
- Onboard both Windows- and Linux-based SQL servers.
- Assess your SQL servers against best practices across security, compliance, availability, business continuity, performance, and scalability.
- Protect your SQL servers with Azure Defender (https://docs.microsoft.com/en-us/azure/security-center/defender-for-sql-introduction).
Now that we have formed a good foundational understanding of all the offerings under the umbrella of Azure Arc and their supported scenarios, we will move ahead and create our own lab environment, on top of which we will host our entire solution.