
Azure Arc Is a Control Plane to Orchestrate Hybrid Cloud Systems

7 Oct 2020 11:13am, by

According to the Flexera 2020 State of the Cloud Report, 87% of enterprises are using hybrid cloud — up from 75% in the previous study. But while hybrid cloud might be nearly ubiquitous, what people are doing with it varies, which is why Microsoft has an increasingly wide range of hybrid cloud products, from Azure Stack Hub for running on cloud-like hardware to Azure Stack Edge that’s small enough to put in a backpack or install on a factory production line.

Azure Arc makes Azure Resource Manager templates the control plane for managing and applying governance to all your infrastructure — VMs, Kubernetes or databases, on Azure, on your own hardware and in other clouds — in a consistent way, using GitOps, and it brings a subset of Azure services to that infrastructure (starting with database services).

But Arc is also emerging as the umbrella technology that ties those different hybrid solutions more closely together.

Cloud Patterns Anywhere

Few organizations decide to move everything to the cloud, Talal Alqinawi, Microsoft senior director in Azure Marketing, told the New Stack.

“There will be some IT resources, whether they are physical hardware, VMs, Kubernetes clusters or databases, that will stay in your data center or at the edge for some time or maybe forever, if it is a data regulated thing. With Azure Arc, we give you the ability to manage both centrally under one control plane from the Azure portal. Below the control plane, you can use Arc to deliver services to your edge or your data center in a hybrid way.”

With Arc, an enterprise can connect on-premises infrastructure to the cloud and manage it in an automated way, or bring cloud services to existing infrastructure with Arc-enabled data services.

The first step is Arc-enabling the infrastructure, whether that’s VMs, bare metal or Kubernetes, by installing the Arc agent. That projects them into the Azure portal and provides a consistent way to manage all the environments, however disparate, and apply the same policy, security and monitoring to them. Arc-enabled infrastructure appears in the Azure portal alongside infrastructure that’s actually part of Azure.

VMs running on VMware can be Arc-enabled, like any other VM; currently they need to be enabled individually, but Microsoft said at the recent Ignite conference that it was looking into Arc-enabling the hypervisor too, for VMware customers.

Arc-enabled servers are now generally available for production workloads on both Linux and Windows, while Arc-enabled Kubernetes (including config management using GitOps) is in public preview. Also in public preview is using Azure services against Arc-enabled VMs and Kubernetes clusters to monitor them and make sure new resources are onboarded with an approved configuration: Azure Policy (for tagging servers or clusters, organizing them in hierarchies and setting configuration controls like password policies), Azure Monitor, Azure Sentinel (Microsoft’s cloud SIEM), Azure Defender (antimalware and threat analysis), Update Management (which shows updates available for servers and schedules when to apply them) and Desired State Configuration. Arc-enabled Kubernetes supports any Cloud Native Computing Foundation (CNCF)-certified Kubernetes distribution.
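As an added example of the governance the paragraph describes (this is not code from the article or one of Microsoft’s built-in policies), here is an Azure Policy definition that flags Arc-enabled servers and Arc-enabled Kubernetes clusters that were onboarded without a required tag. The tag name `owner`, the display name and the audit-by-default effect are assumed values; the two resource types are the ones Arc projects into Azure.

```json
{
  "properties": {
    "displayName": "Require a tag on Arc-enabled servers and Kubernetes clusters",
    "mode": "Indexed",
    "description": "Example policy (not a Microsoft built-in): audit or deny Arc-projected resources that lack the required tag.",
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": {
          "displayName": "Tag name",
          "description": "Tag every Arc-enabled resource must carry (assumed default: owner)."
        },
        "defaultValue": "owner"
      },
      "effect": {
        "type": "String",
        "allowedValues": [ "Audit", "Deny" ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "in": [
              "Microsoft.HybridCompute/machines",
              "Microsoft.Kubernetes/connectedClusters"
            ]
          },
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "false"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assign it at a management group or subscription scope so it covers the whole hierarchy; with `Audit` an untagged Arc resource shows as non-compliant, while `Deny` rejects the onboarding request until the tag is supplied.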

Arc can also bring existing SQL Server instances to the cloud; Arc-enabled SQL Server lets you track SQL Server 2012 or higher running on Windows or Linux, on-premises, on Azure and on other clouds in the Azure portal, use Azure Security Center to see any vulnerabilities in those instances, and get real-time security alerts for both the database and the OS. That’s also in public preview and uses the Connected Machine agent, the Microsoft Monitoring Agent extension and Azure Log Analytics.

Arc can also bring a subset of Azure services to any infrastructure (including other clouds). Initially, that’s Arc-enabled data services, starting with Azure SQL Managed Instance and Azure Database for PostgreSQL Hyperscale (which uses the Citus extension to Postgres to make it a distributed database), running on Linux on any certified Kubernetes distro.

Officially, Microsoft says it supports AKS, AKS on Stack HCI, AKS on Azure Stack Hub, GKE, EKS, open source Kubernetes (kubeadm), OpenShift Container Platform (OCP) and Azure Red Hat OpenShift. A Microsoft engineer stated at the recent Ignite conference: “We have tested on other platforms and have found that things generally work fine on other CNCF-certified Kubernetes distributions and services.”

Arc data services rely on a resource provider that runs in Azure and on the Arc data controller: a set of Kubernetes pods deployed on your Kubernetes cluster (in any location) that provide the controller service and an API, run the database services, and host Kibana and Grafana dashboards for viewing monitoring data locally (although you can also choose to export it and view it in the Azure portal).

Again, that’s currently in public preview for the indirectly connected mode, where all management capabilities (monitoring, backup, restore, log analytics and self-service provisioning) are local and use Kubernetes for authentication and authorization; in the future there will also be a directly connected mode, but Microsoft hasn’t yet given more details.

The difference between Arc-enabled SQL Server and Arc data services isn’t just the wider choice of databases; it’s that with data services, Azure handles the updates, deployment, backup/restore, monitoring, security and elastic scaling, so just like in the cloud you get an evergreen database service that’s always up to date and in support.

Microsoft expects to issue updates monthly, and admins will be in control of when those are applied (by scheduling the update in a maintenance window or triggering it manually), but the deployment of the update will be fully automated.

Similarly, scaling is automated. For example, PostgreSQL Hyperscale needs two worker nodes; Arc makes sure Kubernetes schedules those on two different Kubernetes nodes for scale-out and if you add more worker nodes, those will also be placed on different Kubernetes nodes. The ops team can do the scaling and rebalancing using GitOps and the Azure CLI, while database admins can carry on using familiar tools like Azure Data Studio.

Pick and Mix Hardware and Support

The point of Arc is that it works with the hardware (or cloud providers) you already have, but for customers who want certified hardware for Arc-enabled data services, Microsoft is working with OEM partners to set up a program.

But Arc can also manage some workloads on Microsoft’s Azure Stack hardware. That includes not just VMs and Kubernetes clusters but the new AKS on Azure Stack HCI service (also in public preview).

Azure Stack HCI is a cloud service that turns a hyperconverged Windows Server cluster running on certified hardware into infrastructure that runs cloud services. Those services run on top of a refactored version of Windows Server that you pay for only when you use it (no Windows licenses required), through the same Azure subscription as the services you run on it (or on Azure), and that you manage through the Azure portal.

AKS on Azure Stack HCI puts Microsoft’s managed Azure Kubernetes runtime on that fully supported stack for running Windows or Linux containers, again using Arc as the management plane. And once AKS is deployed, you can also run Arc-enabled data services on it.

“AKS-HCI is running on VMs on an Azure Stack HCI cluster; however we abstract that complexity away to enable IT and developers to have a streamlined, efficient and fast deployment process and a consistent-with-Azure usage experience once deployed,” Ben Armstrong, Microsoft principal program manager lead on the platform virtualization team told us.

When you set up AKS on Azure Stack HCI and deploy Kubernetes clusters, they’re automatically set up with Arc and connected to Azure to get the benefit of integrating with Azure services (although customers can choose to deploy AKS without using Arc, using Windows Admin Center or PowerShell, and monitoring it with their choice of Kubernetes tools instead). Because of that, AKS on Azure Stack HCI is likely to require a periodic connection to Azure (perhaps once a week or once a month).

As well as being a control plane for the infrastructure underneath AKS, Arc can also manage the Kubernetes workloads and cluster configuration through GitOps, the way it would on any other Kubernetes cluster.

AKS on Azure Stack HCI shares an upstream code repo with the cloud AKS service, for both application compatibility and delivering a consistent user experience, Armstrong said.

“Through the streamlining of the deployment experience, the end result is very similar to what you’d expect in a Kubernetes cloud service like AKS, in particular the ability for developers and IT to focus on their workloads, and a GUI/programmatical way to quickly stand up new workload clusters for their application needs, without needing to focus on the plumbing under the covers,” Armstrong said.

Cloud Services, Cloud Pricing

Arc is being developed like a cloud service, with different pieces in private and public preview and moving to general availability.

With some features still in preview, pricing isn’t available for everything you can do with Arc. There’s no cost to onboard servers to Arc, and the portal and CLI tooling give you inventory, RBAC and search using the Azure Resource Graph at no additional cost, but using Azure services against Arc-enabled infrastructure will incur costs, which Microsoft calls consistent with using them directly on Azure. Arc data services and AKS on Azure Stack HCI are priced as pay-as-you-go cloud services (for data services, that will be based on the number of cores the database instances are consuming).

There are no data ingress/egress costs for Arc data services, but if you’re running that on a hosted service that has ingress/egress costs that provider may well charge you for data going to and from the database instances and the Arc data controller; there’s only a small amount of traffic to and from the data controller but if you add Azure services like Azure Monitor, Log Analytics or Azure Backup, that could mean sending a more substantial amount of data. Of course, that’s true of any multicloud system.

With Arc, Microsoft is developing a coherent approach to bringing a wide range of infrastructure to its management plane. But while the focus on hybrid for the last four years is something other cloud providers have had to catch up on, CCS Insight vice president for enterprise research Nicholas McQuire suggested to the New Stack that Arc will need even stronger multi-cloud support — an area where IBM and Google Cloud are focusing on more than Microsoft.

“A crucial component of extending the Azure control plane now is to the other clouds. The Arc announcements at Ignite have added some critical pieces, most notably in server and managed database enablement; we expect in the future to see more Arc services that extend to AWS and GCP environments as well, in line with the market for public cloud services.”

So far Arc has focused on mainstream infrastructure and database workloads but Microsoft will need to extend the Arc umbrella to more data services like analytics, machine learning and even 5G edge computing, McQuire suggested.

The Cloud Native Computing Foundation is a sponsor of The New Stack.
