At Ignite in November 2019 Microsoft announced Azure Arc which is now in public preview. Azure Arc extends Azure Resource Manager capabilities to cover Linux and Windows servers, as well as Kubernetes clusters on any infrastructure across on-premises, and multi-cloud. In French “L’arc-en-ciel” is the word for rainbow so will Azure Arc help customers to find a much-needed solution to their hybrid multi-cloud management challenges?
The Hybrid Management Challenge
As well as on-premises IT services, most organizations are now using cloud services from multiple vendors, and this adds to the costs and complexity of service management.
Figure 1: Common Management Platform for Hybrid IT
Typically, organizations use office productivity tools from one cloud vendor, a CRM system from another cloud vendor, and test and development service from yet another one. At the same time legacy applications and business critical data is retained on premises or in managed hosting. This hybrid multi-cloud environment creates significant challenges relating to the governance, management, security, and compliance of the whole system.
What is needed is a consistent approach with common processes supported by a single platform that provides all the necessary functions across all the various components involved in delivering all the services. The need for this together with a common approach is described in KuppingerCole Architecture Blueprint: Hybrid Cloud Security.
Unfortunately, today there is no single technology platform for this that has been widely adopted. VMware provides a solution for services deployed using VMware which is useful if your organization has adopted VMware. This is now being extended to other clouds through their vRealize Suite. OpenStack provides an open solution which is not widely deployed. Some cloud service providers are now extending their own proprietary management portal to cover this need. Azure Arc falls into this latter category.
Required Functionality
KuppingerCole recommends that any hybrid IT management platform should be evaluated on how well it covers a range of capabilities. More details can be found in KuppingerCole Buyer's Guide: Hybrid Cloud Services. It should:
- Provide a management model and policies that cover all the different delivery models and cloud services. Do this in a way that integrates harmoniously with the different cloud platforms and does not limit the functionality available.
- Enable the administration of all the service components such as control over the virtual machines deployed together with resources used. At the same time cover the administration and orchestration of container-based workloads. Support monitoring of service performance with access to diagnostic tools.
- Manage and secure configuration of the in-cloud networks as well as control over internet access and hybrid connectivity.
- Integrate identities and access rights with the enterprise user directory. Support secure delegation of administration rights and provide a highly secure administration connection including strong authentication of administrators.
- Support customer audit of how the deployed service conforms with security policies and provide remediation capabilities.
- Provide access to pricing, usage, and billing.
How well does Azure Arc meet these requirements?
Since Azure Arc has been in preview for some months Microsoft claims that it is being used successfully by some customers. For example:
One customer is using it for bare metal servers, VM Based, VMWare, and Kubernetes clusters, as well as cloud. They are able to organize all these through a single pane of glass through PowerShell. Microsoft claims that one customer using Azure Arc to manage AWS VMs as well as Azure.
It is helping customers to build Kubernetes applications and ensure consistent configuration, governance, and security. One retail customer with different versions in different retail branches is using it to manage Kubernetes Clusters across the different locations where there are different versions / flavours of Kubernetes.
Customers are also able to leverage Azure Security Centre. As well as Azure services wherever there is Kubernetes – for example in VMWare, or wherever.
From the perspective customers with significant investments in Azure this provides a welcome benefit of extending the management model with which they are familiar to other environments. It doesn’t seem likely that it would be attractive to customers with large investments in other clouds. However, it might persuade some customers to choose Azure as their preferred cloud.