Single pane of glass managed solutions with Azure Arc

Published Mar 02 2021 06:00 AM 2,566 Views
Microsoft

Single pane of glass managed solutions with Azure Arc

Cloud resources in Azure are managed and governed through Azure Resource Manager (ARM). ARM is a service layer for Azure that acts as a control plane that provides developers and operations personnel with deployment, management, and governance capabilities through the Azure portal, Azure Cloud Shell, Azure Policy, and role-based access control (RBAC).

dalekirby_0-1614365705478.png

 

Azure Arc extends the ARM service layer to resources that live outside of Azure in on-premises datacenters, other public clouds, or at the edge, giving resources such as servers, Kubernetes clusters, and databases the ability to be managed and governed through the ARM control plane. By extending the ARM service layer and control plane to any resource anywhere, an entire IT estate can be governed and managed through a single plane using Azure tools. Examples of unified operations solution components include:

  • Manage multi-cloud and on-premises inventory of server, cluster, and data assets using  a common taxonomy
  • Deploy policies that audit or enforce compliance across entire data estate
  • Monitor IT assets on any infrastructure using a single tool
  • Secure and harden servers and clusters using common policies across any infrastructure
  • Manage security incidents and other events proactively and at scale
  • Manage Kubernetes cluster configuration and operations with GitOps
  • Manage multiple customers on-premises and cloud assets from Azure portal, using Azure Lighthouse with Azure Arc

At a minimum, a strong unified operations solution should include several of the above features as part of a baseline deployment. From there, the solution can be tailored to suit specific technical or industry requirements.

 

Azure technical components of a unified operations solution

Since Azure Arc unlocks the ability to perform ARM-based operations on any IT asset, we can combine Azure Arc with other native Azure tools to fulfill numerous unified operations use cases. The list below includes links with specific details on how to enable many of these use cases:

dalekirby_1-1614365705474.png

 

 

Industry applications

By combining the various features and techniques described above, we can build a comprehensive unified operations solution baseline that can be extended to support specific industry use cases. For example, a healthcare organization could use Azure Policy to audit and enforce IT asset compliance for HIPAA HITRUST 9.2. Government entities could build a similar solution to audit NIST SP 800-53 R4 compliance.

 

Manufacturing or Financial Services industry customers can build edge solutions that require ultra low latency and high availability without adding additional complexity or tool sprawl. Azure Arc also enables Kubernetes-based scenarios for industry, such as container and cluster monitoring and configuration of any cluster anywhere from a common policy framework. No matter where the organization's IT assets reside, we can use Azure as a single pane of glass to manage these complex regulatory requirements. 

 

Call to action

If you're still getting familiar with Azure Arc, there are a lot of available resources to help you accelerate your journey towards best-in-class hybrid cloud solutions. Check out these resources to get started quickly.

%3CLINGO-SUB%20id%3D%22lingo-sub-2169688%22%20slang%3D%22en-US%22%3ESingle%20pane%20of%20glass%20managed%20solutions%20with%20Azure%20Arc%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2169688%22%20slang%3D%22en-US%22%3E%3CH1%20id%3D%22toc-hId-1274607345%22%20id%3D%22toc-hId-1274607345%22%3ESingle%20pane%20of%20glass%20managed%20solutions%20with%20Azure%20Arc%3C%2FH1%3E%0A%3CP%3ECloud%20resources%20in%20Azure%20are%20managed%20and%20governed%20through%20Azure%20Resource%20Manager%20(ARM).%20ARM%20is%20a%20service%20layer%20for%20Azure%20that%20acts%20as%20a%20control%20plane%20that%20provides%20developers%20and%20operations%20personnel%20with%20deployment%2C%20management%2C%20and%20governance%20capabilities%20through%20the%20Azure%20portal%2C%20Azure%20Cloud%20Shell%2C%20Azure%20Policy%2C%20and%20role-based%20access%20control%20(RBAC).%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22dalekirby_0-1614365705478.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F258486i6E4018D8DEC34897%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22dalekirby_0-1614365705478.png%22%20alt%3D%22dalekirby_0-1614365705478.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAzure%20Arc%20extends%20the%20ARM%20service%20layer%20to%20resources%20that%20live%20outside%20of%20Azure%20in%20on-premises%20datacenters%2C%20other%20public%20clouds%2C%20or%20at%20the%20edge%2C%20giving%20resources%20such%20as%20servers%2C%20Kubernetes%20clusters%2C%20and%20databases%20the%20ability%20to%20be%20managed%20and%20governed%20through%20the%20ARM%20control%20plane.%20By%20extending%20the%20ARM%20service%20layer%20and%20control%20plane%20to%20any%20resource%20anywhere%2C%20an%20entire%20IT%20estate%20can%20be%20governed%20and%20managed%20through%20a%20single%20plane%20using%20Azure%20tools.%20Examples%20of%20unified%20operations%20solution%20components%20include%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EManage%20multi-cloud%20and%20on-premises%20inventory%20of%20server%2C%20cluster%2C%20and%20data%20assets%20using%26nbsp%3B%20a%20common%20taxonomy%3C%2FLI%3E%0A%3CLI%3EDeploy%20policies%20that%20audit%20or%20enforce%20compliance%20across%20entire%20data%20estate%3C%2FLI%3E%0A%3CLI%3EMonitor%20IT%20assets%20on%20any%20infrastructure%20using%20a%20single%20tool%3C%2FLI%3E%0A%3CLI%3ESecure%20and%20harden%20servers%20and%20clusters%20using%20common%20policies%20across%20any%20infrastructure%3C%2FLI%3E%0A%3CLI%3EManage%20security%20incidents%20and%20other%20events%20proactively%20and%20at%20scale%3C%2FLI%3E%0A%3CLI%3EManage%20Kubernetes%20cluster%20configuration%20and%20operations%20with%20GitOps%3C%2FLI%3E%0A%3CLI%3EManage%20multiple%20customers%20on-premises%20and%20cloud%20assets%20from%20Azure%20portal%2C%20using%20Azure%20Lighthouse%20with%20Azure%20Arc%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EAt%20a%20minimum%2C%20a%20strong%20unified%20operations%20solution%20should%20include%20several%20of%20the%20above%20features%20as%20part%20of%20a%20baseline%20deployment.%20From%20there%2C%20the%20solution%20can%20be%20tailored%20to%20suit%20specific%20technical%20or%20industry%20requirements.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1965168819%22%20id%3D%22toc-hId-1965168819%22%3EAzure%20technical%20components%20of%20a%20unified%20operations%20solution%3C%2FH2%3E%0A%3CP%3ESince%20Azure%20Arc%20unlocks%20the%20ability%20to%20perform%20ARM-based%20operations%20on%20any%20IT%20asset%2C%20we%20can%20combine%20Azure%20Arc%20with%20other%20native%20Azure%20tools%20to%20fulfill%20numerous%20unified%20operations%20use%20cases.%20The%20list%20below%20includes%20links%20with%20specific%20details%20on%20how%20to%20enable%20many%20of%20these%20use%20cases%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22dalekirby_1-1614365705474.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F258487i1C213C3C5DBA2DAB%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22dalekirby_1-1614365705474.png%22%20alt%3D%22dalekirby_1-1614365705474.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazurearcjumpstart.io%2Fazure_arc_jumpstart%2Fazure_arc_servers%2Fday2%2Farc_inventory_tagging%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EApply%20Azure%20resource%20tags%20to%20any%20IT%20asset%20using%20a%20common%20taxonomy%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazurearcjumpstart.io%2Fazure_arc_jumpstart%2Fazure_arc_servers%2Fday2%2Farc_policies_mma%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EUse%20Azure%20Policy%20with%20Azure%20Arc%20to%20govern%20any%20IT%20assets%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazurearcjumpstart.io%2Fazure_arc_jumpstart%2Fazure_arc_servers%2Fday2%2Farc_vm_extension_mma_arm%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3ESingle-pane%20monitoring%20of%20data%20estate%20with%20Azure%20Monitor%2C%20Log%20Analytics%2C%20and%20Azure%20dashboards%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazurearcjumpstart.io%2Fazure_arc_jumpstart%2Fazure_arc_servers%2Fday2%2Farc_azuresentinel%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EIncident%20management%20with%20Azure%20Sentinel%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazurearcjumpstart.io%2Fazure_arc_jumpstart%2Fazure_arc_servers%2Fday2%2Farc_keyvault%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3ECertificate%2C%20secret%2C%20and%20key%20management%20with%20Azure%20Key%20Vault%20and%20Azure%20Arc%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-arc%2Fazure-arc-amp-lighthouse-managing-it-infrastructure-anywhere-at%2Fba-p%2F1638980%22%20target%3D%22_blank%22%3ECross-tenant%20governance%20and%20operations%20with%20Azure%20Lighthouse%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazurearcjumpstart.io%2Fazure_arc_jumpstart%2Fazure_arc_servers%2Fday2%2Farc_securitycenter%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3ESecure%20and%20harden%20servers%20with%20Azure%20Security%20Center%20and%20Guest%20Configuration%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazurearcjumpstart.io%2Fazure_arc_jumpstart%2Fazure_arc_k8s%2Fday2%2Faks%2Faks_gitops_basic%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EK8s%20cluster%20management%20and%20operations%20with%20GitOps%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-157714356%22%20id%3D%22toc-hId-157714356%22%3EIndustry%20applications%3C%2FH2%3E%0A%3CP%3EBy%20combining%20the%20various%20features%20and%20techniques%20described%20above%2C%20we%20can%20build%20a%20comprehensive%20unified%20operations%20solution%20baseline%20that%20can%20be%20extended%20to%20support%20specific%20industry%20use%20cases.%20For%20example%2C%20a%20healthcare%20organization%20could%20use%20Azure%20Policy%20to%20audit%20and%20enforce%20IT%20asset%20compliance%20for%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fpolicy%2Fsamples%2Fhipaa-hitrust-9-2%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EHIPAA%20HITRUST%209.2%3C%2FA%3E.%20Government%20entities%20could%20build%20a%20similar%20solution%20to%20audit%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fpolicy%2Fsamples%2Fnist-sp-800-53-r4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ENIST%20SP%20800-53%20R4%3C%2FA%3E%20compliance.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EManufacturing%20or%20Financial%20Services%20industry%20customers%20can%20build%20edge%20solutions%20that%20require%20ultra%20low%20latency%20and%20high%20availability%20without%20adding%20additional%20complexity%20or%20tool%20sprawl.%20Azure%20Arc%20also%20enables%20Kubernetes-based%20scenarios%20for%20industry%2C%20such%20as%20container%20and%20cluster%20monitoring%20and%20configuration%20of%20any%20cluster%20anywhere%20from%20a%20common%20policy%20framework.%26nbsp%3BNo%20matter%20where%20the%20organization's%20IT%20assets%20reside%2C%20we%20can%20use%20Azure%20as%20a%20single%20pane%20of%20glass%20to%20manage%20these%20complex%20regulatory%20requirements.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1649740107%22%20id%3D%22toc-hId--1649740107%22%3ECall%20to%20action%3C%2FH2%3E%0A%3CP%3EIf%20you're%20still%20getting%20familiar%20with%20Azure%20Arc%2C%20there%20are%20a%20lot%20of%20available%20resources%20to%20help%20you%20accelerate%20your%20journey%20towards%20best-in-class%20hybrid%20cloud%20solutions.%20Check%20out%20these%20resources%20to%20get%20started%20quickly.%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazurearcjumpstart.io%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EAzure%20Arc%20Jumpstart%3C%2FA%3E%20-%20detailed%20guidance%20and%20automation%20templates%20for%20over%2060%20different%20Azure%20Arc%20scenarios%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FAzureArcJumpstartDemos%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Arc%20Jumpstart%20Demos%3C%2FA%3E%20-%20video%20demos%20of%20Azure%20Arc%20capabilities%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DB2qn_nLDw0k%26amp%3Bab_channel%3DAzureArcJumpstart%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EUnified%20Operations%20with%20Azure%20Arc%20-%20YouTube%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EAzure%20Arc%20Blogs%20and%20Ignite%20announcements%3C%2FLI%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FArcMigrationPaths%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Arc%20Migration%20Paths%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FAKSonHCI-Ignite2021-Blog%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAKS%20on%20Azure%20Stack%20HCI%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-arc%2Fazure-arc-amp-lighthouse-managing-it-infrastructure-anywhere-at%2Fba-p%2F1638980%22%20target%3D%22_blank%22%3EAzure%20Arc%20and%20Azure%20Lighthouse%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FArcEnabledML-Ignite2021-Blog%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Arc%20enabled%20Machine%20Learning%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Faka.ms%252Farck8validation%26amp%3Bdata%3D04%257C01%257CDale.Kirby%2540microsoft.com%257C31c42600dd6041f4d78108d8daf4a13a%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637500091525145627%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C1000%26amp%3Bsdata%3DT5cKBGGlEg72st3P0tVUUsr4QpHNtIa40NVoigPI0io%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EArc%20Validation%20Program%3C%2FA%3E%20%E2%80%93%20conforming%20various%20Kubernetes%20distributions%20for%20Arc%20and%20extensions.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2169688%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-arc%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Arc%3C%2FA%3E%20enables%20new%20hybrid%20solutions%20for%20customers%20and%20partners%20by%20extending%20Azure%20services%20and%20management%20to%20any%20infrastructure.%20With%20Azure%20Arc%2C%20customers%20can%20build%2C%20operate%2C%20and%20manage%20all%20of%20their%20resources%20for%20traditional%2C%20cloud-native%20and%20distributed%20edge%20applications%20in%20a%20consistent%20way%20across%20the%20entire%20IT%20estate.%20This%20means%20that%20you%20can%20now%20manage%20and%20operate%20all%20of%20your%20existing%20and%20new%20IT%20resources%20consistently%20and%20at-scale%2C%20wherever%20they%20reside%2C%20from%20Azure.%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Version history
Last update:
‎Mar 04 2021 04:00 PM
Updated by: