Category Archives: Azure Arc Enabled Infrastructure

How to prepare your IT environment for new hybrid and multicloud scenarios

Many companies are deploying and adopting applications that can run in different environments: on-premises, across multiple public clouds and at the edge. Such an approach requires adequate preparation of the corporate IT environment to ensure compliance and efficient management of large-scale server systems, applications and data, while maintaining high agility. This article introduces the main aspects to take into consideration when adopting hybrid and multicloud technologies, in order to best meet business needs.

The reasons that lead to the adoption of hybrid and multicloud solutions

There are many reasons why customers choose to deploy their digital assets in hybrid and multicloud environments. Among the main ones we find:

  • Minimize or remove data lock-in from a single cloud provider
  • Presence of business units, subsidiary companies or acquired companies that have already made choices to adopt different cloud platforms
  • Different regulatory and data sovereignty requirements in different countries
  • Need to improve business continuity and disaster recovery by distributing workloads between two different cloud providers
  • Need to maximize performance by allowing applications to run close to where users are

What aspects to consider?

There are several options for preparing an IT environment suitable for hosting hybrid and multicloud deployments, so before setting up your Azure environment, or any other public cloud, it is important to identify how the cloud environment should support your scenario:

Figure 1 – Diagram showing how different customers distribute workloads between cloud providers

In the image above, each dark blue point represents a workload and each blue circle is a business process, supported by a separate environment. Depending on the cloud-mix, a different configuration of the Azure environment may be required:

  • Hybrid-first customer: most of the workloads remain on-premises, often in a combination of hosting models with traditional and hybrid resources. Some specific workloads are deployed at the edge, in Azure or at other cloud service providers.
  • Azure-first customer: most of the workloads reside in Azure. However, some workloads remain on-premises. Furthermore, certain strategic decisions lead some workloads to reside at the edge or in multicloud environments.
  • Multicloud-first customer: most workloads are hosted on a public cloud other than Azure, such as Amazon Web Services (AWS) or Google Cloud Platform (GCP). However, some strategic decisions have led some workloads to be placed in Azure or at the edge.

The hybrid and multicloud strategy you decide to pursue for applications and data will then drive a number of these choices.

How to prepare the Azure environment

Microsoft Azure is an enterprise-grade cloud service provider, well placed to support public cloud, hybrid and multicloud environments.

To prepare an IT environment and make it effective for any hybrid and multicloud deployment, the following key aspects should be considered:

  • Network topology and connectivity
  • Governance
  • Security and compliance
  • Automation disciplines, development experiences and DevOps practices

When preparing your IT environment for new hybrid and multicloud scenarios, it is advisable to define the Azure "Landing Zone", which represents the point of arrival in the cloud adoption journey. It is an architecture designed to let you operate functional cloud environments, covering the following aspects:

  • Scalability
  • Security governance
  • Networking
  • Identity
  • Cost management
  • Monitoring

The architecture of the Landing Zone must be defined based on specific business and technical requirements. It is therefore necessary to evaluate the possible implementation options of the Landing Zone, through which the deployment and operational needs of the cloud portfolio can be met.

Figure 2 – Conceptual example of an Azure landing zone

What tools to use?

Cloud Adoption Framework

Microsoft's Cloud Adoption Framework provides a rich set of documentation, implementation guidelines, best practices and helpful tools to accelerate your cloud adoption journey. Among these best practices, which should be adopted and tailored to each customer's needs, there is a specific section on hybrid and multicloud environments. This section covers the best practices that can help support various cloud mixes, ranging from environments entirely in Azure to environments where the footprint in the Microsoft public cloud is limited or absent.

Azure Arc as an accelerator

Azure Arc consists of a set of different technologies and components that allow you to have a single control mechanism to manage and govern all your IT resources in a coherent way, wherever they are. Furthermore, with Azure Arc-enabled services, you have the flexibility to deploy fully managed Azure services anywhere, on-premises or in other public clouds.

Figure 3 – Azure Arc overview

The Azure Arc-enabled servers Landing Zone, included in the Cloud Adoption Framework, allows customers to more easily improve the security, governance and compliance posture of servers deployed outside of Azure. Together with Azure Arc, services like Microsoft Defender for Cloud, Azure Sentinel, Azure Monitor, Azure Policy and many others can be extended to all environments. For this reason Azure Arc should be considered an accelerator for your Landing Zones.

Azure Arc Jumpstart has grown a lot and allows you to better evaluate Azure Arc, with over 90 automated scenarios, thousands of visitors per month and a very active open source community sharing their knowledge about Azure Arc. As part of Jumpstart, ArcBox was developed, an automated sandbox environment for everything related to Azure Arc, deployable to customers' Azure subscriptions. As an accelerator for the Azure Arc-enabled servers landing zone, ArcBox for IT Pros was developed, a sandbox automation solution for this scenario, with services like Azure Policy, Azure Monitor, Microsoft Defender for Cloud, Microsoft Sentinel and more.

Figure 4 – Architecture of ArcBox for IT Pros

Conclusions

The adoption of consistent operating practices across all cloud environments, combined with a common control plane, allows you to effectively address the challenges inherent in hybrid and multicloud strategies. To do this, Microsoft provides various tools and accelerators, among which is Azure Arc, which makes it easier for customers to improve the security, governance and compliance posture of IT resources deployed outside of Azure.

Datacenter Modernization: a real case with Microsoft solutions

The statistics speak for themselves: more than 90% of companies have already adopted, or plan to adopt in the short term, a hybrid strategy for their IT infrastructure. This is confirmed by everyday experience, where several customers include in their investment plans both the maintenance of workloads on on-premises infrastructure and the adoption of solutions in the public cloud. At the same time, an application modernization process is supported with the aim of making the most of the potential and innovation offered by these infrastructures. So we live in the era of hybrid cloud, and Microsoft offers several interesting solutions to modernize the datacenter and easily manage hybrid infrastructure. This article gives a real example of how a customer embarked on the modernization of their datacenter thanks to Azure Stack HCI and how, via Azure Arc, they were able to extend Azure services and management principles to their on-premises infrastructure as well.

Initial customer request and problems to be solved

The customer in question wanted to activate a new, modern and integrated virtualization infrastructure in their datacenter, allowing application workloads to be configured quickly, dynamically and flexibly. The infrastructure in use by the customer was not adequate and suffered from various problems, including:

  • Non-scalable and inflexible virtualization solution
  • Hardware obsolescence
  • Configurations that did not ensure adequate availability of virtualized systems
  • Performance and stability issues
  • Difficulty in managing the various infrastructure components

Characteristics of the proposed solutions, adopted and benefits obtained

The customer decided to adopt a hyper-converged infrastructure (HCI), in which several hardware components are removed and replaced by software that merges the compute, storage and network layers into one solution. In this way the customer made the transition from a traditional "three tier" infrastructure, composed of network switches, appliances, physical hosts running hypervisors, a storage fabric and a SAN, to a hyper-converged infrastructure (HCI).

Figure 1 - Transition from a "Three Tier" infrastructure to a Hyper-Converged Infrastructure (HCI)

Azure Stack HCI: the complete stack of the Hyper-Converged infrastructure

This was all done by adopting Microsoft Azure Stack HCI, which runs workloads on the hyper-converged infrastructure (HCI) and connects it easily to Azure. The main characteristics of the solution are described in the following paragraphs.

Choosing and customizing your hardware

The customer was able to customize the hardware solution according to their needs, configuring the processor, memory, storage and network adapter features while respecting the vendor's compatibility matrices.

Figure 2 - Hardware composition of the Azure Stack HCI solution

Several hardware vendors offer solutions suitable for running Azure Stack HCI; they can be consulted at this link. The choice is wide: more than 200 solutions from more than 20 different partners. Azure Stack HCI requires hardware that is specifically tested and validated by these vendors.

Dedicated and specific operating system

Azure Stack HCI runs a dedicated operating system with a simplified composition and more up-to-date components than Windows Server. Roles that are not required by the solution are not included in this operating system, while it ships with the latest hypervisor, the same one used in the Azure environment, together with software-defined networking and storage technologies optimized for virtualization.

The local user interface is minimal and is designed to be managed remotely.

Figure 3 - Azure Stack HCI OS interface

Disaster recovery and failover of virtual machines

The customer also took advantage of the possibility of creating a stretched cluster to extend their Azure Stack HCI cluster, in this case across two different buildings. This functionality is based on storage replication (synchronous in this scenario) with encryption, local site resilience and automatic failover of virtual machines in the event of a disaster.

Figure 4 – Stretched cluster of the Azure Stack HCI hyper-converged architecture

Updates of the entire solution stack (full-stack updates)

To reduce the complexity and operational costs of the update process, the customer can start the Azure Stack HCI full-stack update (firmware and drivers along with the operating system) directly from Windows Admin Center.

Figure 5 - Solution updates of the Dell EMC branded Azure Stack HCI solution

Azure Hybrid Service: familiarity in management and operation

The customer can manage their Azure Stack HCI-based infrastructure in a simple way and without adopting specific software tools, as if it were an extension of the public cloud, thanks to the features described in the following paragraphs.

Native integration in Azure

Azure Stack HCI natively integrates with Azure services and Azure Resource Manager (ARM). No separate agent is required for this integration: Azure Arc is built directly into the operating system. This allows the on-premises Azure Stack HCI cluster to be viewed directly from the Azure portal, exactly like an Azure resource.

Figure 6 - Azure Stack HCI integration into Azure

By integrating with Azure Resource Manager, the customer can take advantage of the following benefits of Azure-based management:

  • Adopting standard Azure Resource Manager (ARM) constructs
  • Classifying clusters with tags
  • Organizing clusters in resource groups
  • Viewing all Azure Stack HCI clusters in one centralized view
  • Managing access using Azure Identity and Access Management (IAM)

Furthermore, from the Azure Stack HCI resource you can find, add, modify or remove extensions, through which the management features can be easily accessed.

Figure 7 - Azure Stack HCI management capabilities

Arc-enabled VM management

In addition to managing the cluster, the customer can also use Azure Arc to provision and manage virtual machines running on Azure Stack HCI, directly from the Azure portal. Virtual machines and their associated resources (images, disks, and network) are projected into ARM as separate resources using a new multi-platform technology called Arc Resource Bridge.

In this way you can:

  • achieve consistent management between cloud resources and Azure Stack HCI resources;
  • automate virtual machine deployments using ARM templates;
  • guarantee self-service access thanks to Azure RBAC support.

Figure 8 - Features provided by Azure Arc integration for Azure Stack HCI VMs

Azure Backup and Azure Site Recovery

Azure Stack HCI supports Azure Backup and Azure Site Recovery. With Microsoft Azure Backup Server (MABS) the customer backs up the hosts and the virtual machines running in Azure Stack HCI. Furthermore, using Azure Site Recovery it is possible to replicate virtual machines from Azure Stack HCI to Azure, to build specific disaster recovery scenarios.

Infrastructure monitoring with Azure Monitor Insights for Azure Stack HCI

With Azure Stack HCI Insights the customer can view detailed information on the health, performance and usage of the Azure Stack HCI clusters connected to Azure and registered for monitoring. Azure Stack HCI Insights stores its data in a Log Analytics workspace, making it possible to use powerful aggregations and filters to better analyze the data collected over time. You can view the monitoring data of a single cluster from the Azure Stack HCI resource page, or use Azure Monitor to obtain an aggregate view of multiple Azure Stack HCI clusters with an overview of cluster health, the state of nodes and virtual machines (CPU, memory and storage consumption), performance metrics and more. This is the same data provided by Windows Admin Center, but designed to scale up to 500 clusters at the same time.

Figure 9 - Azure Monitor Insights control panel for Azure Stack HCI

Azure benefit for Windows Server

Microsoft offers special benefits when deploying Windows Server in Azure, and the same benefits are also available on Azure Stack HCI.

Figure 10 – Azure benefit for Windows Server

Azure Stack HCI allows you to:

  • Deploy virtual machines with Windows Server 2022 Azure Datacenter edition, which offers specific features not available in the classic Standard and Datacenter editions. To learn more about the features available in this edition, you can consult this article.
  • Get extended security updates for free, just like in Azure. This applies to both Windows Server 2008/R2 and Windows Server 2012/R2, as well as the corresponding versions of SQL Server.
  • Obtain the license and activate Windows Server machines as in Azure. Besides allowing you to use your own Datacenter license to enable Automatic VM Activation (AVMA) of virtual machines, Azure Stack HCI provides the option to pay for the Windows Server guest licenses through your Azure subscription, just as in Azure.

Dedicated Azure Support Team

Azure Stack HCI is to all effects an Azure solution, so the customer can take advantage of Azure support with the following characteristics:

  • You can easily request technical support directly from the Azure portal.
  • Support is provided by a new team of experts dedicated to the Azure Stack HCI solution.
  • You can choose from different support plans, depending on your needs.

Infrastructure innovation and new evolved scenarios

In the Azure Stack HCI environment, in addition to running virtual machines, you can activate Azure Kubernetes Service (AKS) and Azure Virtual Desktop.

Azure Kubernetes Service in Azure Stack HCI

This on-premises AKS implementation allows you to automate the large-scale execution of modern microservice-based applications. Thanks to Azure Stack HCI, these container-based application architectures can be hosted directly in your own datacenter, with the same Kubernetes management experience offered by the managed service in the Azure public cloud.

Figure 11 - AKS overview on Azure Stack HCI

For more information, you can consult the article Azure Kubernetes Service in an Azure Stack HCI environment.

Azure Virtual Desktop for Azure Stack HCI

In situations where applications are sensitive to latency, such as video editing, or scenarios where users need to take advantage of a legacy system present on-premises that cannot be easily reached, Azure Virtual Desktop adds a new hybrid option thanks to Azure Stack HCI. Azure Virtual Desktop for Azure Stack HCI uses the same cloud management plane as regular Azure Virtual Desktop, but allows you to create session host pools using virtual machines running on Azure Stack HCI. These virtual machines can run Windows 10 and/or Windows 11 Enterprise multi-session. By placing desktops closer to users, direct access with low latency and without round trips can be enabled.

Conclusions

Microsoft operates one of the largest datacenter infrastructures in the world and is making large investments to bring the experience gained and the innovation of the cloud to Azure Stack HCI. By relying on Azure Stack HCI, this customer takes advantage of a subscription service that receives regular feature updates, with the important goal of exploiting on-premises the technology tested at scale in the cloud. Furthermore, the customer is able to manage the resources of its environment in a unified way and benefit from continuous innovation of its hybrid infrastructure.

How to extend Azure management principles to VMware infrastructures with Azure Arc

The trend frequently found in different business contexts is to resort to hybrid and multi-cloud strategies for IT environments. This allows you to embark on a path of digital innovation with great flexibility and agility. To do this in the best possible way, it is appropriate to adopt technologies that make it possible to create new opportunities and at the same time to manage the challenges inherent in these new paradigms. Microsoft has designed a specific solution for this, called Azure Arc. One of the crucial benefits of Azure Arc is to extend Azure management and governance practices to other environments and to adopt solutions and techniques typically used in the cloud for on-premises environments as well. This article explores how Microsoft has recently improved the integration of VMware vSphere infrastructures into Azure Arc and what opportunities this innovation offers.

Why adopt a hybrid strategy?

Among the main reasons that lead customers to adopt a hybrid strategy we find:

  • Workloads that cannot be moved to the public cloud due to regulatory and data sovereignty requirements. This is usually common in highly regulated industries such as financial services, healthcare and government environments.
  • Some workloads, especially those residing in the edges, require low latencies.
  • Many companies have made significant investments in the on-premises environment that they want to maximize, therefore the choice falls on modernizing the traditional applications that reside on-premises and the solutions adopted.
  • Ensure greater resilience.

What questions to ask to better leverage and manage hybrid and multi-cloud environments?

In situations where a hybrid or multi-cloud strategy is being adopted, the key questions you should ask yourself to reap the greatest benefits are:

  • How can I view, govern and protect IT assets, regardless of where they are running?
  • Is it possible to bring cloud innovation to existing infrastructure as well?
  • How can I modernize local datacenters by adopting new cloud solutions?
  • How can I extend processing and artificial intelligence to the edge to unlock new business scenarios?

The answer to all these questions can be: "by adopting Azure Arc!".

Figure 1 – Azure Arc overview

There are many customers who have VMware-based infrastructure and use Azure services at the same time. Azure Arc extends the governance and management capabilities offered by Azure to virtual machines in VMware environments as well. To further improve the control and management of these resources, a deep integration between Azure Arc and VMware vSphere has been introduced.

Azure Arc-enabled VMware vSphere: how does it work?

Azure Arc-enabled VMware vSphere is a new Azure Arc feature designed for customers with on-premises VMware vSphere environments or those who adopt Azure VMware Solution.

This direct integration of Azure Arc with VMware vSphere requires you to deploy a virtual appliance called "Arc bridge". This resource establishes the connection between the VMware vCenter server and the Azure Arc environment.

Thanks to this integration it is possible to onboard into Azure some or all of the vSphere resources managed by your vCenter server, such as: resource pools, clusters, hosts, datastores, networks, existing templates and virtual machines.

Figure 2 - VMware vCenter from the Azure portal

Once the onboarding phase is over, new usage scenarios open up that allow you to take advantage of the benefits reported in the following paragraph.

Benefits of Azure Arc-enabled VMware vSphere

Thanks to this new integration it is possible to obtain the following benefits:

  • Provision new virtual machines in VMware environments from Azure. Virtual machines on VMware vSphere can be deployed from the portal or using ARM templates. Being able to describe the infrastructure consistently across Azure and on-premises environments through Infrastructure as Code processes is very important. In fact, by adopting ARM templates, DevOps teams can use CI/CD pipelines to provision systems or to update VMware virtual machines in step with other application updates.

Figure 3 - Provisioning of a VMware VM from the Azure portal

  • Perform ordinary maintenance operations on virtual machines directly from the Azure portal, such as: stop, start, reboot, resizing, adding or updating disks and managing network cards.
  • Guarantee self-service access to vSphere resources via Azure Arc. For administrators managing vSphere environments, this means they can easily delegate self-service access to VMware resources, governing them and ensuring compliance through the advanced controls of Azure governance and Azure RBAC. In fact, it is possible to assign granular permissions on compute resources, storage, networks and templates.
  • Provide an inventory of virtual machines across distributed vSphere environments.
  • Run and manage at scale the onboarding of vSphere environments into Azure management services such as Azure Monitor Log Analytics and Azure Policy Guest Configuration. This allows you to orchestrate the installation of the specific Azure Arc agent (Connected Machine agent) directly from Azure.
  • Keep changes made directly through vCenter synchronized in Azure, thanks to automatic discovery features.

Conclusions

Thanks to this new advanced integration, customers can have the flexibility to innovate, even using their existing VMware environment. Furthermore, through this approach it is possible to have an effective control mechanism to manage and govern all IT resources in a coherent way.

The management of Kubernetes environments with Azure Arc

The principle behind Azure Arc is to extend Azure management and governance practices to different environments and to adopt solutions and techniques, which are typically used in a cloud environment, even for on-premises environments. This article discusses how Azure Arc allows you to deploy and configure Kubernetes applications homogeneously across all environments, adopting modern DevOps techniques.

Thanks to Azure Arc-enabled Kubernetes it is possible to connect and configure Kubernetes clusters located inside or outside the Azure environment. When a Kubernetes cluster is connected to Azure Arc, it:

  • Appears in the Azure portal with an Azure Resource Manager ID and a managed identity.
  • Is placed within an Azure subscription and a resource group.
  • Can be associated with tags like any other Azure resource.

To connect a Kubernetes cluster to Azure, the Azure Arc agents must be installed on the cluster nodes. These agents:

  • Run in the Kubernetes namespace "azure-arc".
  • Manage connectivity to Azure.
  • Collect Azure Arc logs and metrics.
  • Check for configuration requests.

Figure 1 - Agent architecture Azure Arc-enabled Kubernetes

Azure Arc-enabled Kubernetes supports SSL to protect data in transit. Furthermore, to ensure the confidentiality of data at rest, it is stored encrypted in an Azure Cosmos DB database.

Azure Arc agents on Kubernetes clusters do not require inbound ports to be opened on firewalls; only outbound access to specific endpoints needs to be allowed.
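The outbound-only connectivity model is easy to state and easy to break in practice, so the following added example (not code from the original article or from Azure Arc) audits constructed firewall log lines against an egress allowlist, flagging outbound flows to destinations not on the list and any inbound flow that was allowed to a node. The allowlist entries (the two Microsoft FQDNs are illustrative, the `.invalid` wildcard is a placeholder), the log format and the addresses are all constructed; the real Azure Arc endpoint list must be taken from Microsoft's documentation.

```python
"""Added example: audit firewall logs for flows that contradict the
outbound-only model of the Azure Arc agents. Allowlist, log format and
addresses are constructed placeholders, not Microsoft's endpoint list."""
import fnmatch
from typing import List, Tuple

# Constructed allowlist, one entry per "<fqdn-pattern>:<port>". The ".invalid"
# entry stands in for the wildcard endpoints the agents actually use.
ALLOWED_EGRESS = [
    "login.microsoftonline.com:443",
    "management.azure.com:443",
    "*.example-arc-endpoint.invalid:443",
]

# Constructed firewall log: "<timestamp> <source> <direction> <destination> <action>"
SAMPLE_LOG = """\
2024-01-10T10:00:01Z 10.0.1.5 OUT login.microsoftonline.com:443 ALLOW
2024-01-10T10:00:02Z 10.0.1.5 OUT agent.eastus.example-arc-endpoint.invalid:443 ALLOW
2024-01-10T10:00:03Z 10.0.1.5 OUT updates.vendor.invalid:80 ALLOW
2024-01-10T10:00:04Z 10.0.1.5 OUT telemetry.vendor.invalid:443 DENY
2024-01-10T10:00:05Z 203.0.113.9 IN 10.0.1.5:22 ALLOW
"""


def egress_allowed(destination: str, allowlist: List[str]) -> bool:
    """True when "host:port" matches an allowlist entry; '*' in an entry's
    host part is a wildcard (fnmatch semantics, so it also spans dots)."""
    host, _, port = destination.rpartition(":")
    for entry in allowlist:
        pattern_host, _, pattern_port = entry.rpartition(":")
        if port == pattern_port and fnmatch.fnmatchcase(host.lower(), pattern_host.lower()):
            return True
    return False


def audit_log(text: str, allowlist: List[str] = ALLOWED_EGRESS) -> List[Tuple[str, str]]:
    """Return (finding, flow) pairs for allowed flows that should not exist:
    inbound connections to the node, or outbound ones outside the allowlist.
    Denied flows are the firewall doing its job and are not reported."""
    findings: List[Tuple[str, str]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _timestamp, source, direction, destination, action = line.split()
        if action != "ALLOW":
            continue
        flow = f"{source} -> {destination}"
        if direction == "IN":
            findings.append(("inbound-allowed", flow))
        elif direction == "OUT" and not egress_allowed(destination, allowlist):
            findings.append(("egress-not-allowlisted", flow))
    return findings


if __name__ == "__main__":
    for finding, flow in audit_log(SAMPLE_LOG):
        print(f"{finding}: {flow}")
```

Port is matched exactly while the host is matched with wildcards, so an allowlisted FQDN reached on an unexpected port is still reported; that is deliberate, since the agents only need the ports the documentation lists.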

For more details on this and for the procedure to follow to connect a Kubernetes cluster to Azure Arc you can consult this official Microsoft documentation.

Supported distributions

Azure Arc-enabled Kubernetes can be enabled on any Cloud Native Computing Foundation (CNCF) certified Kubernetes cluster. In fact, the Azure Arc team collaborated with leading industry partners to validate the compliance of their Kubernetes distributions with Azure Arc-enabled Kubernetes.

Supported scenarios

With Azure Arc-enabled Kubernetes, the following scenarios are supported:

  • Connecting Kubernetes clusters running in environments other than Azure, to perform inventory, grouping and tagging operations.
  • Application deployment and configuration management based on GitOps mechanisms. Applied to Kubernetes, GitOps is the practice of declaring the desired state of Kubernetes cluster configurations (deployments, namespaces, etc.) in a Git repository. This declaration is followed by a poll- and pull-based deployment of these cluster configurations using an operator. The Git repository can contain:
    • YAML manifests describing any valid Kubernetes resources, including Namespaces, ConfigMaps, Deployments, DaemonSets, etc.
    • Helm charts for application deployment.

Flux, a popular open source GitOps tool, can be deployed on the Kubernetes cluster to drive the flow of configurations from a Git repository to the cluster.

For more details on the CI/CD workflow using GitOps for Azure Arc-enabled Kubernetes clusters you can refer to this Microsoft documentation.
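The poll-and-pull loop described above is what makes GitOps useful as a control: the cluster converges to what is in Git, and out-of-band edits are reverted on the next pass. The following added example (not code from the original article or from Flux) simulates that loop with in-memory stand-ins for the Git repository, the cluster and the operator; the manifests, names, image references and the `example.invalid/managed-by` label are all constructed for the example.

```python
"""Added example: a minimal GitOps reconciler over fake Git and cluster
stand-ins. Everything here (repo, cluster, manifests, label) is constructed;
it is not Flux and not the Azure Arc GitOps extension."""
import copy
from typing import Dict, List, Tuple

Key = Tuple[str, str, str]                 # (kind, namespace, name)
MANAGED_BY = "example.invalid/managed-by"  # constructed label, not Flux's
OPERATOR = "gitops-demo"


def key_of(manifest: dict) -> Key:
    meta = manifest["metadata"]
    return manifest["kind"], meta.get("namespace", "default"), meta["name"]


class FakeGitRepo:
    """Stand-in for a Git repository: each commit is a full manifest set."""
    def __init__(self) -> None:
        self.commits: List[List[dict]] = []

    def commit(self, manifests: List[dict]) -> None:
        self.commits.append(copy.deepcopy(manifests))

    def head(self) -> List[dict]:
        return copy.deepcopy(self.commits[-1])


class FakeCluster:
    """Stand-in for the Kubernetes API server's object store."""
    def __init__(self) -> None:
        self.objects: Dict[Key, dict] = {}

    def apply(self, manifest: dict) -> None:
        self.objects[key_of(manifest)] = copy.deepcopy(manifest)

    def delete(self, key: Key) -> None:
        del self.objects[key]


def reconcile(repo: FakeGitRepo, cluster: FakeCluster) -> List[str]:
    """One pass of the operator: pull HEAD and converge the cluster to it.
    Objects the operator applied earlier but that left Git are pruned;
    objects it never applied (no managed-by label) are left alone."""
    desired: Dict[Key, dict] = {}
    for manifest in repo.head():
        manifest["metadata"].setdefault("labels", {})[MANAGED_BY] = OPERATOR
        desired[key_of(manifest)] = manifest

    actions: List[str] = []
    for key, manifest in desired.items():
        live = cluster.objects.get(key)
        if live is None:
            cluster.apply(manifest)
            actions.append("create %s/%s/%s" % key)
        elif live != manifest:              # new commit or manual drift
            cluster.apply(manifest)
            actions.append("update %s/%s/%s" % key)

    for key, live in list(cluster.objects.items()):
        managed = live["metadata"].get("labels", {}).get(MANAGED_BY) == OPERATOR
        if managed and key not in desired:
            cluster.delete(key)
            actions.append("prune %s/%s/%s" % key)
    return actions


def deployment(name: str, image: str, replicas: int, namespace: str = "payments") -> dict:
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": name, "namespace": namespace},
            "spec": {"replicas": replicas,
                     "template": {"spec": {"containers": [{"name": name, "image": image}]}}}}


NAMESPACE = {"apiVersion": "v1", "kind": "Namespace", "metadata": {"name": "payments"}}


def run_demo() -> List[List[str]]:
    """Three reconcile passes: initial sync, drift reverted, object pruned."""
    repo, cluster = FakeGitRepo(), FakeCluster()
    rounds: List[List[str]] = []

    repo.commit([NAMESPACE, deployment("api", "registry.invalid/api:1.0.0", 2)])
    rounds.append(reconcile(repo, cluster))

    # Out-of-band change (think "kubectl edit"): image swapped for a debug build,
    # plus an unmanaged ConfigMap created by hand that the operator must ignore.
    api = cluster.objects[("Deployment", "payments", "api")]
    api["spec"]["template"]["spec"]["containers"][0]["image"] = "registry.invalid/api:debug"
    cluster.apply({"apiVersion": "v1", "kind": "ConfigMap",
                   "metadata": {"name": "scratch", "namespace": "payments"}, "data": {"k": "v"}})
    rounds.append(reconcile(repo, cluster))

    # New commit replaces "api" with "api-v2"; the old deployment is pruned.
    repo.commit([NAMESPACE, deployment("api-v2", "registry.invalid/api:2.0.0", 2)])
    rounds.append(reconcile(repo, cluster))
    return rounds


if __name__ == "__main__":
    for i, actions in enumerate(run_demo(), 1):
        print(f"pass {i}: {actions}")
```

The second pass is the security-relevant one: the debug image edited directly on the cluster is reverted because it is not what Git declares, while the hand-made ConfigMap survives because the operator only owns what it labelled. Real operators such as Flux add intervals, health checks and Helm support on top of this same compare-and-apply core.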

  • Viewing and monitoring cluster environments using Azure Monitor for containers.
  • Threat protection using Azure Defender for Kubernetes. The extension components collect the Kubernetes audit logs from all the control plane nodes of the cluster and send them to the Azure Defender for Kubernetes back end in the cloud for further analysis. The extension is registered with a Log Analytics workspace that is used for the data pipeline, but the audit logs are not stored in the Log Analytics workspace. The extension allows you to protect Kubernetes clusters located at other cloud providers, but it does not cover their managed Kubernetes services.
  • Applying settings via Azure Policy for Kubernetes.
  • Creating custom locations used as targets for the deployment of Azure Arc-enabled Data Services, App Services on Azure Arc (which includes web, function and logic apps) and Event Grid on Kubernetes.
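The threat-protection scenario above rests on the control plane's audit log, so it helps to see what analysis of that log looks like. The following added example (not code from the original article or from Azure Defender for Kubernetes) runs three detection rules over constructed Kubernetes audit events in the `audit.k8s.io/v1` Event shape, one JSON object per line: an exec into a running pod, creation of a pod with a privileged container or host namespaces, and creation of a binding to `cluster-admin`. Usernames, pod names, the image reference and the `.invalid` domain are placeholders.

```python
"""Added example: detection rules over constructed Kubernetes audit events.
Not the analysis performed by Azure Defender for Kubernetes; the events,
users and names are placeholders built for this example."""
import json
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (rule, username, resource/namespace/name)

# Constructed audit events. The exec request appears twice because the API
# server logs a request at several stages; only ResponseComplete is counted.
_EVENTS: List[Dict] = [
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "RequestReceived",
     "verb": "create", "user": {"username": "alice@example.invalid"},
     "objectRef": {"resource": "pods", "namespace": "payments", "name": "api-0",
                   "subresource": "exec"}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
     "verb": "create", "user": {"username": "alice@example.invalid"},
     "objectRef": {"resource": "pods", "namespace": "payments", "name": "api-0",
                   "subresource": "exec"}, "responseStatus": {"code": 101}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
     "verb": "create", "user": {"username": "ci-bot"},
     "objectRef": {"resource": "pods", "namespace": "payments", "name": "debug-tools"},
     "requestObject": {"spec": {"hostPID": True, "containers": [
         {"name": "shell", "image": "registry.invalid/tools:1",
          "securityContext": {"privileged": True}}]}},
     "responseStatus": {"code": 201}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
     "verb": "get", "user": {"username": "alice@example.invalid"},
     "objectRef": {"resource": "configmaps", "namespace": "payments", "name": "app-config"},
     "responseStatus": {"code": 200}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
     "verb": "create", "user": {"username": "bob@example.invalid"},
     "objectRef": {"resource": "clusterrolebindings", "name": "bob-admin"},
     "requestObject": {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
                       "subjects": [{"kind": "User", "name": "bob@example.invalid"}]},
     "responseStatus": {"code": 201}},
]
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(event) for event in _EVENTS)


def parse_audit_log(text: str) -> List[Dict]:
    """One JSON audit event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events: List[Dict]) -> List[Finding]:
    findings: List[Finding] = []
    for ev in events:
        if ev.get("stage") != "ResponseComplete":
            continue                        # count each request exactly once
        user = ev.get("user", {}).get("username", "<unknown>")
        ref = ev.get("objectRef", {})
        target = "%s/%s/%s" % (ref.get("resource"), ref.get("namespace", "-"), ref.get("name"))
        body = ev.get("requestObject", {})  # present only at RequestResponse audit level

        # Rule 1: interactive shell into a running pod.
        if ref.get("resource") == "pods" and ref.get("subresource") == "exec":
            findings.append(("pod-exec", user, target))

        # Rule 2: pod created with a privileged container or host namespaces.
        if ev.get("verb") == "create" and ref.get("resource") == "pods" and not ref.get("subresource"):
            spec = body.get("spec", {})
            containers = spec.get("containers", []) + spec.get("initContainers", [])
            privileged = any(c.get("securityContext", {}).get("privileged") for c in containers)
            if privileged or spec.get("hostPID") or spec.get("hostNetwork"):
                findings.append(("privileged-pod", user, target))

        # Rule 3: new cluster-wide binding that grants cluster-admin.
        if ev.get("verb") == "create" and ref.get("resource") == "clusterrolebindings":
            if body.get("roleRef", {}).get("name") == "cluster-admin":
                findings.append(("cluster-admin-binding", user, target))
    return findings


if __name__ == "__main__":
    for rule, user, target in detect(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(f"{rule}: {user} on {target}")
```

Rule 2 depends on `requestObject`, which the API server only includes when the audit policy level for pods is `RequestResponse` (or `Request`); at the `Metadata` level the rule silently sees an empty spec, which is the first thing to check when such a detection never fires.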

Azure Arc-enabled Kubernetes also supports Azure Lighthouse, which allows service providers to manage, from their own tenant, the subscriptions and resource groups delegated by customers.

Conclusions

Thanks to this technology, companies that need to operate in a hybrid environment will be able to minimize the effort of managing containerized workloads, extending services such as Azure Policy and Azure Monitor to Kubernetes clusters located in on-premises environments. Finally, through the GitOps approach, updates to cluster configurations in all environments are simplified, minimizing the risks associated with configuration errors.