Azure Arc and the Azure control plane enable developers to build hybrid and multicloud architectures for their applications. You can take advantage of the Azure control plane to manage infrastructure and deploy Azure services anywhere. This allows customers to build cloud solutions and application architectures consistently, independent of where the application is running. Developers can use their favorite Azure services like Web Apps or Azure SQL, and run their applications outside of Azure.
In this blog post, we will have a look at Azure Arc for developers. Azure Arc allows you to extend Azure management and Azure services to anywhere, meaning that you can deploy, manage and govern resources running across hybrid and multicloud environments, and bring services such as Azure SQL Database and Azure PostgreSQL Hyperscale to your on-premises datacenter, edge location, or other cloud providers. Since Azure Arc can help in many different scenarios.
Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform. Azure Arc enables you to manage your entire environment, with a single pane of glass, by projecting your existing resources into Azure Resource Manager. You can now manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure. Regardless of where they live, you can use familiar Azure services and management capabilities. Azure Arc enables you to continue using traditional ITOps, while introducing DevOps practices to support new cloud-native patterns in your environment.
This provides you with a single control plane for your hybrid and multicloud environment.
Let's have a look at some key Azure Arc scenarios for Developers.
In hybrid and multicloud environments, it can be difficult for developers to get a central view of all the resources they need to manage. Some of these resources are running in Azure, some on-premises, in branch offices, or even at other cloud providers. By connecting resources to the Azure Resource Manager using Azure Arc, developers can get central visibility of a wide range of resources, including Windows and Linux servers, SQL Server, Kubernetes clusters, and Azure services running in Azure and outside of Azure.
As a developer, you want to make sure that only people who need access can access these systems. You can delegate access and manage security policies for resources using role-based access control (RBAC) in Azure. With Azure Arc enabled servers, we are seeing customers remove local access for administrators and only provide them access to the system in the Azure portal using Azure Arc and Azure Management services. If you run in multiple environments and tenants, Azure Arc also integrates perfectly with Azure Lighthouse. Azure Lighthouse is especially interesting for managed service providers.
Azure Arc enables you to create custom locations, so you can use the Azure Resource Manager not just to deploy to Azure Regions but also to your own custom locations. You can learn more about custom locations on Microsoft Docs.
Azure Arc allows you to deploy Azure application services such as Azure App Service, Functions, Logic Apps, Event Grid, and API Management anywhere, on-premises, edge locations, or any other cloud provider. This is great if you are building and running cloud-native applications on Azure PaaS services and want them to run outside of Azure without rearchitecting them.
These are the new Azure Arc-enabled Application services announced at Microsoft Build 2021. These allow you to run Azure PaaS services on-premises and at other cloud providers.
Next to Azure Application services to run services like Web Apps and Logic Apps, you also want to leverage data services and databases. With Azure Arc enabled Data services you can run services like Azure SQL Managed Instances anywhere.
The application services can be combined with the Azure Arc enabled Data services which include:
Azure Arc brings DevOps practices anywhere. Modern Kubernetes deployments house multiple applications, clusters, and environments. With GitOps, you can manage these complex setups more easily, tracking the desired state of the Kubernetes environments declaratively with Git. Using common Git tooling to track cluster states, you can increase accountability, facilitate fault investigation, and enable automation to manage environments.
With Cluster connect on Azure Arc enabled Kubernetes clusters, developers can access their clusters from anywhere for interactive development and debugging. It also lets cluster users and administrators access or manage their clusters from anywhere. You can even use hosted agents/runners of Azure Pipelines, GitHub Actions, or any other hosted CI/CD service to deploy applications to on-prem clusters, without requiring self-hosted agents.
The Azure Arc enabled Kubernetes cluster connect feature provides connectivity to the apiserver of the cluster without requiring any inbound port to be enabled on the firewall. A reverse proxy agent running on the cluster can securely start a session with the Azure Arc service in an outbound manner. You can read more about Cluster connect on Azure Arc enabled Kubernetes on Microsoft Docs.
With Azure Arc and Azure Stack HCI, you can run the Azure Kubernetes Services (AKS) on-premises in your own datacenter or edge location on top of Azure Stack HCI. This AKS cluster can be Azure Arc enabled, to allow management and deployment of applications to your Kubernetes clusters. You can learn more on Microsoft Docs.
Azure Arc enabled machine learning lets you configure and use Azure Arc enabled Kubernetes clusters to train and manage machine learning models in Azure Machine Learning.
Azure Arc enabled machine learning supports the following training scenarios:
Learn more on Microsoft Docs.
If developers build applications that need to authenticate against Azure resources, Azure VMs can leverage their managed identity to authenticate. With Azure Arc, applications or processes running directly on an Azure Arc-enabled server can leverage managed identities to access other Azure resources that support Azure Active Directory-based authentication, for example Azure Key Vault. An application can obtain an access token representing its identity, which is system-assigned for Arc-enabled servers, and use it as a 'bearer' token to authenticate itself to another service.
See the managed identity overview documentation for a detailed description of managed identities, as well as the distinction between system-assigned and user-assigned identities. To authenticate against Azure resources with Arc-enabled servers, check out the following article.
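The token flow described above, written out for a process on an Arc-enabled server as an added example (not code from the original post or from an Azure SDK): the agent's local endpoint first answers 401 with a `WWW-Authenticate: Basic realm=<key file>` challenge, and the caller retries with that file's content as the Basic secret. The endpoint, `api-version` and token directory are the agent's documented defaults as assumed here, and the function names are illustrative.

```python
import json
import os
from urllib import error, parse, request

# Agent default (assumed); processes also receive it as IDENTITY_ENDPOINT.
DEFAULT_ENDPOINT = "http://localhost:40342/metadata/identity/oauth2/token"
# Never route the challenge secret through a proxy taken from the environment.
_DIRECT = request.build_opener(request.ProxyHandler({}))


def default_token_dir():
    """Directory where the Arc agent writes challenge key files."""
    if os.name == "nt":
        base = os.environ.get("PROGRAMDATA", r"C:\ProgramData")
        return os.path.join(base, "AzureConnectedMachineAgent", "Tokens")
    return "/var/opt/azcmagent/tokens"


def read_challenge_key(www_authenticate, token_dir):
    """Read the secret named by 'Basic realm=<path>', refusing unexpected paths."""
    scheme, _, path = www_authenticate.partition("realm=")
    if scheme.strip().lower() != "basic" or not path:
        raise ValueError("unexpected challenge header")
    path = os.path.realpath(path.strip().strip('"'))
    if os.path.dirname(path) != os.path.realpath(token_dir) or not path.endswith(".key"):
        raise ValueError("not a .key file in the agent token directory")
    if os.path.getsize(path) > 4096:
        raise ValueError("key file larger than expected")
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def get_arc_token(resource, endpoint=None, token_dir=None, opener=_DIRECT):
    """Request -> 401 challenge -> retry with the key file content as Basic secret."""
    endpoint = endpoint or os.environ.get("IDENTITY_ENDPOINT", DEFAULT_ENDPOINT)
    query = parse.urlencode({"api-version": "2020-06-01", "resource": resource})
    url = f"{endpoint}?{query}"
    try:
        opener.open(request.Request(url, headers={"Metadata": "true"})).close()
    except error.HTTPError as err:
        if err.code != 401:
            raise
        challenge = err.headers.get("WWW-Authenticate", "")
    else:
        raise RuntimeError("expected a 401 challenge from the local endpoint")
    key = read_challenge_key(challenge, token_dir or default_token_dir())
    retry = request.Request(
        url, headers={"Metadata": "true", "Authorization": f"Basic {key}"})
    with opener.open(retry) as resp:
        return json.load(resp)["access_token"]
```

Reading the key file requires local privilege (on Linux, membership of the `himds` group), so only processes an administrator has authorised can complete the challenge. For Key Vault, call `get_arc_token("https://vault.azure.net")` and send the result as `Authorization: Bearer <token>`.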
You do not just want to manage your systems; you also want to monitor them and make sure that you get alerted in case anything happens that disrupts your environment and applications. You can monitor your Kubernetes clusters and containers, as well as Linux and Windows servers. Using VM insights, Azure Monitor lets you monitor guest operating system performance and discover application components, so you can monitor their processes and their dependencies on other resources the application communicates with.
One of the great features in Azure Monitor which can help developers is the Microsoft Dependency agent. This provides you with information about the incoming and outgoing connections to a specific server.
You might have managed certificates on your servers using Active Directory and Group Policies for your local environment. In hybrid cloud or multicloud environments, servers are often not even domain-joined. That can make managing certificates a challenge. With a combination of the Azure AD Managed Identity assigned by the Azure Arc agent and Azure Key Vault, you can easily and securely deploy and manage certificates to your Windows and Linux servers.
You can also find my other blog posts focusing on Azure Arc for other roles!
To learn more about Arc enabled servers, see the following overview
To learn more about Arc enabled Kubernetes, see the following overview
To learn more about Arc enabled data services, see the following overview
Experience Arc enabled services from the Jumpstart proof of concept
Also, check out my video on how to manage your hybrid cloud using Azure Arc on Microsoft Channel 9.
Azure Arc enables developers and others to build hybrid and multicloud solutions and, with the right tooling, to manage and operate hybrid and multicloud resources such as Windows and Linux servers, Kubernetes clusters, and other resources. If you have any questions, feel free to leave a comment below.