Introducing Azure Arc use cases
In simple words, Azure Arc lets customers bring their legacy infrastructure and still leverage modern cloud technologies to innovate their IT infrastructure, applications, and data services. You can bring your legacy hardware infrastructure running supported Windows or Linux machines, manage access to it using Azure Role-Based Access Control (RBAC), and run a managed SQL database there.
Essentially, Azure Arc services help organizations use cloud innovation wherever they need.
Azure Arc has use cases across governance, compliance, security, management, cloud-native applications, data services, and various other scenarios. Let's look at them in the next sections.
Organizing and governing across environments
In today's IT world, enterprises run a wide variety of applications and data services, each with its own planning, security, and governance best practices based on its design principles and hosting architecture.
Using Azure Arc, you can organize and govern these resources consistently irrespective of their hosting location. You will be able to easily organize, manage, govern, and secure your Windows and Linux servers, SQL Server databases, and Kubernetes clusters, across data centers, edge, and multi-cloud environments. You will use familiar Azure Resource Manager (ARM) capabilities, such as ARM templates, Azure Policy, and Azure Resource Graph, to manage both your cloud and other environments, including on-premises and other cloud platforms.
In simple words, you can define your overall IT security and governance policies in one place (Azure) and apply them across all your environments along with continuous monitoring using Azure Monitor.
Building cloud-native apps at scale
Azure Arc helps you deploy your containerized apps securely and consistently across environments including Azure and non-Azure infrastructure. With Azure Arc and DevOps techniques, now you can deploy your applications to a Kubernetes cluster running anywhere in the world without leaving GitHub.
Along with app deployment, you also enable consistent monitoring and governance frameworks across Kubernetes clusters running in Azure, on-premises, or even on Elastic Kubernetes Service (EKS) or Google Kubernetes Engine (GKE).
Running Azure data services anywhere
In the last decade, cloud databases have proven to be revolutionary and help organizations to quickly ship their products without being concerned about their database's high availability, performance, and so on.
Azure Arc allows you to run the same cloud database runtime on your own hardware. At the time of writing, it supports Azure databases for PostgreSQL and Azure SQL Database managed instances. It allows you to run a highly available, secure, and highly scalable database service close to where your compute is running.
Meeting security, compliance, and regulatory requirements
Azure Security Center and Azure Defender are hubs for security and compliance for everything in Azure. With Azure Arc, you can extend the same security and compliance capabilities to your own infrastructure and stay compliant while meeting regulatory requirements to host your data wherever you need to.
Example customer use case
Our customer, Contoso Ltd., is a financial institution based out of Europe. Over the years, Contoso has built a large IT infrastructure deployed across multiple data centers across Europe and outside, a couple of co-locations, and cloud platforms including Azure and AWS.
Security practices, guidelines, and requirements continued to change over the years depending on where the applications were hosted. With automation and DevOps practices being introduced recently, Contoso is struggling with server sprawl and with organizing and governing IT resources across the environments. Server sprawl describes a situation in which an enormous number of servers are underutilized, unmanaged, poorly managed and poorly governed, or even unknown to IT teams in some situations.
Business requirements
Contoso would like to consolidate and eliminate the server sprawl situation while ensuring the governance, security, and compliance practices are met across the environment irrespective of hosting location. Let's look at some of the key requirements for Contoso Ltd., as follows:
- Apply governance and centralized management across Windows and Linux servers running as bare metal or as Virtual Machines (VMs) in data centers and public clouds.
- Apply security and configuration policies consistently, everywhere.
- Provide the ability to specify governance requirements based on applications and track the overall governance and compliance state.
- Simple visibility across environments using a single pane of glass.
- Remediate any configuration and compliance issues.
Solution with Azure Arc
Azure Arc can help Contoso by providing the following capabilities across their data centers, co-locations, and both the Azure and AWS cloud platforms:
- Use the Azure portal to centrally manage and govern your servers across environments.
- Consistently apply governance and compliance policies using Azure Policy and Azure Defender.
- Have a centralized compliance view across servers from different environments.
- Remediate the compliance issues through Azure Policy.
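To make the "one policy, every environment" point concrete, here is an added example (not from the original text) of a custom Azure Policy definition that flags servers missing an application tag, whether they are Azure VMs or Arc-enabled machines in a data center or in AWS. The display name and the `application` tag name are assumptions chosen for Contoso's requirement to govern by application; `Microsoft.HybridCompute/machines` is the resource type Azure Arc-enabled servers appear under.

```json
{
  "properties": {
    "displayName": "Audit servers without an application tag (constructed example)",
    "description": "Illustrative definition: one rule evaluated against Azure VMs and Arc-enabled servers alike.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "tagName": {
        "type": "String",
        "defaultValue": "application",
        "metadata": {
          "displayName": "Tag name",
          "description": "Assumed tag that identifies the owning application."
        }
      },
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "in": [
              "Microsoft.Compute/virtualMachines",
              "Microsoft.HybridCompute/machines"
            ]
          },
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "false"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assigned at a management group or subscription scope, a definition like this reports untagged servers from every connected environment in the same compliance view; starting with `Audit` shows the extent of the sprawl before any stricter effect is considered.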
In this section, we learned what Azure Arc is and where it can be useful. Let's move ahead and understand in some more detail what goes on under the hood.