ITOps Talk Blog

Azure Arc for Developers

thomasmaurer
Jul 21, 2021

Azure Arc and the Azure control plane enable developers to build hybrid and multicloud architectures for their applications. They can take advantage of the Azure control plane to manage infrastructure and to deploy Azure services anywhere. This allows customers to build cloud solutions and application architectures consistently, independent of where the application is running. Developers can use their favorite Azure services like WebApps or Azure SQL, and run their applications outside of Azure.

 


In this blog post, we will have a look at Azure Arc for developers. Azure Arc allows you to extend Azure management and Azure services to anywhere. This means that you can deploy, manage and govern resources running across hybrid and multicloud environments, and bring services such as Azure SQL Database and Azure PostgreSQL Hyperscale to your on-premises datacenter, edge location, or other cloud providers. Since Azure Arc can help in many different scenarios.

 

Azure Arc

Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform. Azure Arc enables you to manage your entire environment, with a single pane of glass, by projecting your existing resources into Azure Resource Manager. You can now manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure. Regardless of where they live, you can use familiar Azure services and management capabilities. Azure Arc enables you to continue using traditional ITOps, while introducing DevOps practices to support new cloud-native patterns in your environment.

Azure Arc Architecture Single Control Plane

This provides you with a single control plane for your hybrid and multicloud environment.

 

Azure Arc for Developers

Let's have a look at some key Azure Arc scenarios for Developers.

 

Use the Azure Portal to gain central visibility

In hybrid and multicloud environments, it can be difficult for developers to get a central view of all the resources they need to manage. Some of these resources are running in Azure, some on-premises, in branch offices, or even at other cloud providers. By connecting resources to the Azure Resource Manager using Azure Arc, developers can get central visibility of a wide range of resources, including Windows and Linux servers, SQL Server, Kubernetes clusters, and Azure services running in Azure and outside of Azure.

 

Manage Access

As a developer, you want to make sure that only people who need access can access these systems. You can delegate access and manage security policies for resources using role-based access control (RBAC) in Azure. With Azure Arc enabled servers, we are seeing customers removing local access for administrators and only providing them access to the system in the Azure portal using Azure Arc and Azure Management services. If you run in multiple environments and tenants, Azure Arc also integrates perfectly with Azure Lighthouse. Azure Lighthouse is especially interesting for managed service providers.

Role-based Access Control

 

Enable your custom deployment locations

Azure Arc enables you to create custom locations, so you can use the Azure Resource Manager not just to deploy to Azure Regions but also to your own custom locations. You can learn more about custom locations on Microsoft Docs.

Azure Regions and custom locations

 

Run cloud-native apps on Azure PaaS anywhere

Azure Arc allows you to deploy Azure application services such as Azure App Service, Functions, Logic Apps, Event Grid, and API Management anywhere, on-premises, edge locations, or any other cloud provider. This is great if you are building and running cloud-native applications on Azure PaaS services and want them to run outside of Azure without rearchitecting them.

These are the new Azure Arc-enabled Application services announced at Microsoft Build 2021. These allow you to run Azure PaaS services on-premises and at other cloud providers.

 

  • Azure App Service makes building and managing web applications and APIs easy with a fully managed platform and features like autoscaling, deployment slots, and integrated web authentication.
  • Azure Functions makes event-driven programming simple, with state-of-the-art autoscaling, and triggers and bindings to integrate with other Azure services.
  • Azure Logic Apps produces automated workflows for integrating apps, data, services, and backend systems with a library of more than 400 connectors.
  • Azure Event Grid simplifies event-based applications with a single service for managing the routing of events from any source to any destination.
  • Azure API Management provides a unified management experience and full observability across all internal and external APIs.

Create App Service and select a custom location

 

Azure Arc enabled Data Services

Next to Azure Application services to run services like Web Apps and Logic Apps, you also want to leverage data services and databases. With Azure Arc enabled Data services you can run services like Azure SQL Managed Instances anywhere. 

The application services can be combined with the Azure Arc enabled Data services, which include:

 

  • Azure Arc enabled Azure SQL Managed Instance – Azure Arc enabled SQL Managed Instance has near 100% compatibility with the latest SQL Server database engine, and enables existing SQL Server customers to lift and shift their applications to Azure Arc data services with minimal application and database changes while maintaining data sovereignty. At the same time, SQL Managed Instance includes built-in management capabilities that drastically reduce management overhead.
  • Azure Arc enabled Azure PostgreSQL Hyperscale – This is the hyperscale form factor of the Postgres database engine that is available with Azure Arc enabled data services. It is also powered by the Citus extension that enables the hyperscale experience. In this form factor, our customers provide the infrastructure that hosts the systems and operate them.

Azure Arc enabled data services

 

CI/CD workflow using GitOps - Azure Arc enabled Kubernetes

Azure Arc brings DevOps practices anywhere. Modern Kubernetes deployments house multiple applications, clusters, and environments. With GitOps, you can manage these complex setups more easily, tracking the desired state of the Kubernetes environments declaratively with Git. Using common Git tooling to track cluster states, you can increase accountability, facilitate fault investigation, and enable automation to manage environments. 

 

 

Azure Arc enabled Kubernetes GitOps Flow

 

Access your Kubernetes Cluster from anywhere

With Cluster connect on Azure Arc enabled Kubernetes clusters, developers can access their clusters from anywhere for interactive development and debugging. It also lets cluster users and administrators access or manage their clusters from anywhere. You can even use hosted agents/runners of Azure Pipelines, GitHub Actions, or any other hosted CI/CD service to deploy applications to on-prem clusters, without requiring self-hosted agents.

Azure Arc enabled Kubernetes Cluster - Cluster Connect

The Azure Arc enabled Kubernetes cluster connect feature provides connectivity to the apiserver of the cluster without requiring any inbound port to be enabled on the firewall. A reverse proxy agent running on the cluster can securely start a session with the Azure Arc service in an outbound manner. You can read more about the Cluster connect on Azure Arc enabled Kubernetes on Microsoft Docs.

 

Deploy and run Azure Kubernetes Services (AKS) on-premises on Azure Stack HCI

With Azure Arc and Azure Stack HCI, you can run the Azure Kubernetes Services (AKS) on-premises in your own datacenter or edge location on top of Azure Stack HCI. This AKS cluster can be Azure Arc enabled, to allow management and deployment of applications to your Kubernetes clusters. You can learn more on Microsoft Docs.

 

Run Machine Learning anywhere

Azure Arc enabled machine learning lets you configure and use an Azure Arc enabled Kubernetes cluster to train and manage machine learning models in Azure Machine Learning.

Azure Arc enabled machine learning supports the following training scenarios:

  • Train models with 2.0 CLI
    • Distributed training
    • Hyperparameter sweeping
  • Train models with Azure Machine Learning Python SDK
    • Hyperparameter tuning
  • Build and use machine learning pipelines
  • Train model on-premise with outbound proxy server
  • Train model on-premise with NFS datastore

Learn more on Microsoft Docs.

 

Use Azure Managed Identities on-prem or at other cloud providers

If developers build applications that need to authenticate against Azure resources, Azure VMs can leverage their managed identity to authenticate. With Azure Arc, applications or processes running directly on an Azure Arc-enabled server can leverage managed identities to access other Azure resources that support Azure Active Directory-based authentication, for example Azure Key Vault. An application can obtain an access token representing its identity, which is system-assigned for Arc-enabled servers, and use it as a 'bearer' token to authenticate itself to another service.

See the managed identity overview documentation for a detailed description of managed identities, as well as the distinction between system-assigned and user-assigned identities. To authenticate against Azure resources with Arc-enabled servers, check out the following article.
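
How that token request works on an Arc-enabled server, as an added example (not code from the original post or from Microsoft's SDK): the local agent endpoint first answers 401 with a challenge naming a key file that only privileged local accounts can read, and the caller replays the file's contents to get the token. The endpoint, token directory and API version are the Linux agent defaults and are assumptions here; `challenge_key_path` is a hypothetical helper.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Assumed defaults for the Connected Machine agent on Linux; override as needed.
DEFAULT_ENDPOINT = "http://localhost:40342/metadata/identity/oauth2/token"
DEFAULT_TOKEN_DIR = "/var/opt/azcmagent/tokens"
API_VERSION = "2020-06-01"
# Loopback only: never send the token request through an environment proxy.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def challenge_key_path(www_authenticate, token_dir=DEFAULT_TOKEN_DIR):
    """Hypothetical helper: pull the key-file path out of 'Basic realm=<path>'
    and reject anything that is not a .key file directly in token_dir."""
    scheme, _, path = (www_authenticate or "").partition("realm=")
    if scheme.strip().lower() != "basic" or not path.strip():
        raise ValueError("unexpected challenge header")
    real = os.path.realpath(path.strip())
    if os.path.dirname(real) != os.path.realpath(token_dir) or not real.endswith(".key"):
        raise ValueError("challenge points outside the agent token directory")
    return real


def get_arc_token(resource, endpoint=None, token_dir=DEFAULT_TOKEN_DIR):
    """Return an access token for `resource` using the machine's managed identity."""
    endpoint = endpoint or os.environ.get("IDENTITY_ENDPOINT", DEFAULT_ENDPOINT)
    query = urllib.parse.urlencode({"api-version": API_VERSION, "resource": resource})
    url = endpoint + "?" + query
    headers = {"Metadata": "true"}
    try:
        # Step 1: unauthenticated request; the agent is expected to answer 401.
        _OPENER.open(urllib.request.Request(url, headers=headers)).close()
    except urllib.error.HTTPError as err:
        if err.code != 401:
            raise
        key_path = challenge_key_path(err.headers.get("WWW-Authenticate"), token_dir)
    else:
        raise RuntimeError("agent did not issue a challenge")
    # Step 2: reading the key file proves local privilege; replay it as Basic auth.
    with open(key_path) as fh:
        headers["Authorization"] = "Basic " + fh.read(4096)
    with _OPENER.open(urllib.request.Request(url, headers=headers)) as resp:
        return json.load(resp)["access_token"]
```

Calling `get_arc_token("https://vault.azure.net")` on an Arc-enabled server returns the bearer token to present to Key Vault; the path check keeps a spoofed challenge from steering the caller into reading an arbitrary file.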

 

Monitoring

You do not just want to manage your systems; you also want to monitor them and make sure that you get alerted in case anything happens that disrupts your environment and applications. You can monitor your Kubernetes clusters and containers, as well as Linux and Windows servers. Using VM insights, Azure Monitor lets you monitor guest operating system performance and discover application components, so you can monitor their processes and their dependencies on other resources the application communicates with.

Monitoring

One of the great features in Azure Monitor which can help developers is the Microsoft Dependency agent. This provides you with information about the incoming and outgoing connections to a specific server.

 

Azure Monitor Map

 

Certificate Management

You might have managed certificates on your servers using Active Directory and Group Policies for your local environment. In hybrid cloud or multicloud environments, servers are often not even domain-joined. That can make managing certificates a challenge. With a combination of the Azure AD Managed Identity assigned by the Azure Arc agent and Azure Key Vault, you can easily and securely deploy and manage certificates to your Windows and Linux servers.

 

Azure Arc for other roles!

You can also find my other blog post focusing on Azure Arc for other roles!

 

 

Next steps

  • To learn more about Arc enabled servers, see the following overview

  • To learn more about Arc enabled Kubernetes, see the following overview

  • To learn more about Arc enabled data services, see the following overview

  • Experience Arc enabled services from the Jumpstart proof of concept

Also, check out my video on how to manage your hybrid cloud using Azure Arc on Microsoft Channel 9.

 

 

Conclusion

Azure Arc enables developers and others to build hybrid and multicloud solutions and, with the right tooling, to manage and operate hybrid and multicloud resources such as Windows and Linux servers, Kubernetes clusters, and other resources. If you have any questions, feel free to leave a comment below.

 

Updated Jul 20, 2021
Version 1.0