Single pane of glass managed solutions with Azure Arc
Cloud resources in Azure are managed and governed through Azure Resource Manager (ARM). ARM is a service layer for Azure that acts as a control plane that provides developers and operations personnel with deployment, management, and governance capabilities through the Azure portal, Azure Cloud Shell, Azure Policy, and role-based access control (RBAC).
Azure Arc extends the ARM service layer to resources that live outside of Azure in on-premises datacenters, other public clouds, or at the edge, giving resources such as servers, Kubernetes clusters, and databases the ability to be managed and governed through the ARM control plane. By extending the ARM service layer and control plane to any resource anywhere, an entire IT estate can be governed and managed through a single plane using Azure tools. Examples of unified operations solution components include:
- Manage multi-cloud and on-premises inventory of server, cluster, and data assets using a common taxonomy
- Deploy policies that audit or enforce compliance across the entire data estate
- Monitor IT assets on any infrastructure using a single tool
- Secure and harden servers and clusters using common policies across any infrastructure
- Manage security incidents and other events proactively and at scale
- Manage Kubernetes cluster configuration and operations with GitOps
- Manage multiple customers' on-premises and cloud assets from the Azure portal, using Azure Lighthouse with Azure Arc
At a minimum, a strong unified operations solution should include several of the above features as part of a baseline deployment. From there, the solution can be tailored to suit specific technical or industry requirements.
Azure technical components of a unified operations solution
Since Azure Arc unlocks the ability to perform ARM-based operations on any IT asset, we can combine Azure Arc with other native Azure tools to fulfill numerous unified operations use cases. The list below includes links with specific details on how to enable many of these use cases:
- Apply Azure resource tags to any IT asset using a common taxonomy
- Use Azure Policy with Azure Arc to govern any IT assets
- Single-pane monitoring of the data estate with Azure Monitor, Log Analytics, and Azure dashboards
- Incident management with Azure Sentinel
- Certificate, secret, and key management with Azure Key Vault and Azure Arc
- Cross-tenant governance and operations with Azure Lighthouse
- Secure and harden servers with Azure Security Center and Guest Configuration
- K8s cluster management and operations with GitOps
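As an added illustration of the tagging and Azure Policy items above (this example is not from the original post), the following custom policy definition audits Arc-enabled servers and Arc-enabled Kubernetes clusters that are missing a required taxonomy tag. The default tag name `Environment` and the display text are assumptions chosen for illustration; the rule structure follows the standard Azure Policy definition format.

```json
{
  "properties": {
    "displayName": "Audit Arc-enabled servers and clusters missing a taxonomy tag",
    "description": "Illustrative definition; the tag name default is an assumed placeholder.",
    "mode": "Indexed",
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": {
          "displayName": "Required tag name",
          "description": "Tag key from the common taxonomy, for example Environment."
        },
        "defaultValue": "Environment"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "in": [
              "Microsoft.HybridCompute/machines",
              "Microsoft.Kubernetes/connectedClusters"
            ]
          },
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "false"
          }
        ]
      },
      "then": {
        "effect": "audit"
      }
    }
  }
}
```

Because Arc projects these machines and clusters into ARM as ordinary resources, the same definition can be assigned at a management group or subscription scope alongside policies for native Azure resources, and non-compliant assets show up in the same compliance view.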
Industry applications
By combining the various features and techniques described above, we can build a comprehensive unified operations solution baseline that can be extended to support specific industry use cases. For example, a healthcare organization could use Azure Policy to audit and enforce IT asset compliance for HIPAA HITRUST 9.2. Government entities could build a similar solution to audit NIST SP 800-53 R4 compliance.
Manufacturing or Financial Services industry customers can build edge solutions that require ultra low latency and high availability without adding additional complexity or tool sprawl. Azure Arc also enables Kubernetes-based scenarios for industry, such as container and cluster monitoring and configuration of any cluster anywhere from a common policy framework. No matter where the organization's IT assets reside, we can use Azure as a single pane of glass to manage these complex regulatory requirements.
Call to action
If you're still getting familiar with Azure Arc, there are a lot of available resources to help you accelerate your journey towards best-in-class hybrid cloud solutions. Check out these resources to get started quickly.
- Azure Arc Jumpstart - detailed guidance and automation templates for over 60 different Azure Arc scenarios
- Azure Arc Jumpstart Demos - video demos of Azure Arc capabilities
- Unified Operations with Azure Arc - YouTube
- Azure Arc Blogs and Ignite announcements
- Azure Arc Migration Paths
- AKS on Azure Stack HCI
- Azure Arc and Azure Lighthouse
- Azure Arc enabled Machine Learning
- Arc Validation Program – conforming various Kubernetes distributions for Arc and extensions.
Updated Mar 05, 2021
Version 2.0
dalekirby
Microsoft