Implementing Hybrid Cloud with Azure Arc E-Book

Implementing Hybrid Cloud with Azure Arc

Explore the new-generation hybrid cloud and learn how to build Azure Arc-enabled solutions

Amit Malik

Daman Kaur

BIRMINGHAM—MUMBAI

Implementing Hybrid Cloud with Azure Arc

Copyright © 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Wilson D'souza

Publishing Product Manager: Rahul Nair

Senior Editor: Shazeen Iqbal

Content Development Editor: Romy Dias

Technical Editor: Nithik Cheruvakodan

Copy Editor: Safis Editing

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Manju Arasan

Production Designer: Sinhayna Bais

First published: June 2021

Production reference: 1170621

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80107-600-5

www.packt.com

To my parents, Sunita and Sat Prakash Malik

– Amit Malik

To my parents, Pardeep and Kawaljeet S Sachdeva, and all the girls who dream big...

– Daman Kaur

Foreword

Having had the pleasure of knowing and working with Daman in her role as an SME, I can attest to her intensity of her tech knowledge and specialization in a wide variety of Data and AI services Infrastructure, especially Cloud, Hybrid, Kubernetes, and Big Data solutions. In this book, Daman guides you through a comprehensive learning journey, diving into Azure Arc. The book covers topics ranging from initial setup to implementing best practices for various use cases.

Since the launch of Azure Arc in mid-2020, it has continued to evolve rapidly through innovation to meet customer and market needs, and has reached the point at which we can manage and operate on-prem and poly cloud infrastructure and run various Azure services on that infrastructure as it would run on Azure Hyper cloud, all of which can be achieved through the familiar Azure control plane.

During this evolution, Daman has focused on researching and mastering Health, Compliance, and Resiliency feature releases. She is an excellent learner and advocate who supports successful adoption of applications and their unified management across Azure Arc enabled Servers, SQL and Postgres, and Kubernetes.

In her examples, Daman demonstrates the ease with which one can install, configure, and manage a wide range of hybrid and poly cloud infrastructure under Azure Arc to bring Azure services on those infrastructure with a single familiar Azure control plane. Daman also helps administrators and developers create and optimally manage the Azure Arc in an automated, secure, and compliant manner. She covers Monitoring, striking Consistency across on-prem, Edge and Cloud with full resiliency, backup, and migration all of which, supported by practical examples.

Implementing Hybrid Cloud with Azure Arc presents a comprehensive introduction to Azure Arc and hybrid cloud computing, including use cases and supported topologies. Topics include instruction on setting up Windows and Linux servers as Arc-enabled machines and allowing readers to get to grips with deploying applications on Kubernetes clusters with Azure Arc and GitOps. The book then demonstrates how to onboard an on-prem SQL Server infrastructure as an Arc-enabled SQL Server and deploy a hyperscale PostgreSQL infrastructure on-prem through Azure Arc. This book further includes a thorough overview of deployment and management of Azure's data services on your chosen Infrastructure.

As an entertaining presenter, active community contributor, and passionate advocate, Daman imparts the knowledge and experience gained through this period of progressive innovation. With her words, step-by-step instructions, screenshots, source code snippets, examples, and links to additional sources of information, mplementing Hybrid Cloud with Azure Arc facilitates a continual enhancement of skills that enables successful adoption and operation of Azure Arc environment.

Become a hybrid poly cloud whiz with Azure Arc and host powerful and familiar Azure services on multiple infrastructure including on-prem. Harness the power of Azure Arc and its integration with cutting-edge technologies such as Kubernetes and PaaS data services.

Raja N

Director – Customer Success,

Microsoft

Contributors

About the authors

Amit Malik is an IT enthusiast and technology evangelist focused on the cloud and emerging technologies. He is currently employed by Spektra Systems as the chief operating officer, where he helps Microsoft partners grow their cloud businesses by using effective tools and strategies. He specializes in the cloud, DevOps, software-defined infrastructure, application modernization, data platforms, and emerging technologies around AI. Amit holds various industry-admired certifications from all major OEMs in the cloud and data space, including Azure Solutions Architect Expert. He is also a Microsoft Certified Trainer (MCT). Amit is an active community member of various technology groups and is a regular speaker at industry conferences and events.

Special thanks to Daman Kaur, for she has lived and breathed this book for the past 6 months or so. She is meticulous in her approach and has an unparalleled talent for synthesizing research so it is concise and understandable.

Additionally, I am grateful for the assistance provided by the Packt team for their generous feedback and for making this publication even better, especially Rahul Nair for his support throughout the journey and for making our experience of writing wonderful.

Daman Kaur is an experienced cloud solution architect with a demonstrated history of designing, building, and managing high-performing IT solutions in big data, cloud infrastructure, containers, and virtualization. Currently working at Microsoft, she is responsible for solution design, enablement, and deployment solutions covering all areas and services on Azure. Primarily, her focus is on data and AI plus apps and infrastructure. In addition to this, she is an MCT and is certified on various Microsoft, and other, technologies.

I am grateful to my parents, for they believed in me and gave so much of themselves throughout my journey. My deepest thanks to my writing partner, Amit Malik. This book would not have been written if it were not for Amit. He put in nights, early mornings, weekends, and holidays to accommodate both of our schedules and meet the deadlines. I learned a great deal from his clear thinking, deep insight, and analytical rigor. Also, my deepest gratitude to the team at Packt.

About the reviewer

Firoz Shaik is a network and security architect with over 11 years of experience in the areas of designing and deploying geo-distributed solutions for hybrid and multi-cloud platforms with DevSecOps and cybersecurity as the key focus.

He is responsible for architecting security frameworks by evaluating business IT strategy, operating models, and risk mitigation strategies. He has built cybersecurity strategy frameworks with cloud governance and secure SDLC practices complying with standards and regulations such as NIST, HIPAA, GDPR, PCI, and ISO.

He built a security stack with Managed Detection and Response that provides threat intelligence, threat hunting, monitoring, incident analysis, and incident response.

Firoz loves to travel and is a volunteer technical blog writer.

I would like to thank my family for their continued support and encouragement in everything that I do.

Table of Contents

Preface

Section 1: Azure Arc Enabled Infrastructure

Chapter 1: Azure Arc Overview

Technical requirements

What is Azure Arc?

What Azure Arc isn't

Introducing Azure Arc use cases

Organizing and governing across environments

Building cloud-native apps at scale

Running Azure data services anywhere

Meeting security, compliance, and regulatory requirements

Example customer use case

Understanding Azure Arc

Azure Resource Manager

The Azure control plane beyond Azure – Azure Arc

Azure Arc-enabled servers

Azure Arc-enabled Kubernetes

Azure Arc-enabled data services

Azure Arc-enabled SQL Server

Building the lab prerequisite for Azure Arc

Getting started with Azure

Creating a resource group in Azure

Pricing

Summary

Chapter 2: Azure Arc Enabled Servers

Technical requirements

An overview of Azure Arc enabled servers

Supported environments

Supported management scenarios

Understanding how Azure Arc works

Connected Machine agent

Arc enabled servers in the Azure portal

Preparing on-premises machines for Azure Arc enabled servers

Getting the virtualization environment ready

Onboarding Windows and Linux machines to Azure Arc

Generating an onboarding script using the Azure portal

Onboarding a Windows Server

Onboarding a Linux Server

Onboarding servers at scale

Using azcmagent utility

Offboarding Azure Arc agents

Managing servers with Azure Arc

Reviewing the connected server state in the Azure portal

Applying an Azure Policy to arc enabled servers

Installing Azure VM Extensions on Arc enabled machines

Monitoring Arc enabled servers with Azure Monitor

Protecting Arc enabled machines with Azure Security Center

Managing updates and operations

Summary

Chapter 3: Azure Arc Enabled Kubernetes

Technical requirements

Getting an overview of Azure Arc enabled Kubernetes

Supported environments

Understanding how it works

Preparing the lab infrastructure for Azure Arc enabled Kubernetes

Getting the Kubernetes environment ready

Onboarding a Kubernetes cluster to Azure Arc

Registering the required resource providers

Preparing an Azure Active Directory service principal for authentication

Onboarding the Kubernetes cluster

Forking the Azure Voting App GitOps repository

Deploying the configuration using GitOps

Testing GitOps continuous deployment

Governing connected Kubernetes clusters with Azure Policy

Enforcing GitOps using Azure Policy

Validating Kubernetes configuration compliance using Azure Policy

Monitoring connected Kubernetes clusters with Azure Monitor

Enabling monitoring for connected Kubernetes clusters

Reviewing Container insights

Summary

Chapter 4: Azure Arc Enabled SQL Server

Technical requirements

Introducing Azure Arc enabled SQL Server

Supported environments

Preparing on-premises machines for Azure Arc enabled SQL Server

Onboarding SQL Server instances to Azure Arc

Generate a SQL onboarding script using the Azure portal

Onboarding SQL Server running on Windows

Onboarding SQL servers at scale

Managing SQL Servers with Azure Arc

Reviewing connected SQL Server state in the Azure portal

Configuring SQL Server assessment

Summary

Section 2: Azure Arc Enabled Data Services

Chapter 5: Azure Arc Enabled PostgreSQL Hyperscale

Technical requirements

Getting an overview of Azure Arc enabled data services

Supported environments

Resource providers

Understanding Azure Arc enabled data services

Understanding the Azure Arc data controller

Connectivity modes

Deployment flow

Network requirements

Storage configuration

Sizing configuration

Preparing the lab infrastructure and tools

Installing the Azure CLI and Kubernetes CLI

Deploying Azure Kubernetes Service

Installing Azure Data Studio and the CLI

Deploying an Azure Arc data controller (indirectly connected mode)

Connecting to the Azure Arc data controller

Deploying PostgreSQL Hyperscale services

Deploying a PostgreSQL Hyperscale server group

Create an Azure Arc enabled PostgreSQL database

Monitoring Azure Arc enabled PostgreSQL services

Overview of monitoring Azure Arc enabled data services

Accessing the Kibana and Grafana monitoring dashboards

Uploading data to Azure Monitor

Analyzing monitoring and logs in the Azure portal

Managing backup and restore

Backing up Arc enabled PostgreSQL server group data

Restoring Arc enabled PostgreSQL server group data

Summary

Further reading

Chapter 6: Azure Arc Enabled SQL Managed Instance

Technical requirements

Getting an overview of Azure Arc enabled SQL Managed Instance

Resource providers

Benefits of hosting databases on SQL Managed Instance

Preparing the lab infrastructure and tools

Onboarding a Kubernetes cluster to Azure Arc

Deploying an Azure Arc data controller (direct mode)

Preparing prerequisites for direct mode

Deploying Azure Arc data controller resources

Connecting to the Azure Arc data controller

Deploying Azure Arc enabled SQL Managed Instance services

Deploying a SQL managed instance

Create an Azure Arc enabled SQL database

Monitoring Azure Arc enabled SQL Managed Instances

Accessing Kibana and Grafana monitoring dashboards

Uploading data to Azure Monitor

Analyzing monitoring and logs in the Azure portal

Managing backup and restore

Always On availability groups in Azure Arc enabled SQL Managed Instance

Summary

Further reading

Section 3: Azure Arc Enabled Multi-Cloud Governance

Chapter 7: Multi-Cloud Management with Azure

Technical requirements

Azure Arc enabled multi-cloud solutions

Multi-cloud server management

Multi-cloud Kubernetes management

Hosting Azure data services on other cloud platforms

Azure managed multi-cloud solutions

Azure Active Directory multi-cloud solutions

Azure Monitor

Azure Security Center

Azure Sentinel

Azure Policy

Upcoming Azure Arc enabled services

Summary

Why subscribe?

Other Books You May Enjoy

Preface

Cloud computing is the preferred method of hosting applications for all sizes of organizations across the globe today. In almost every enterprise scenario, you will find specific requirements and circumstances that require the organization to keep running some infrastructure in their on-premises environments or in other cloud platforms.

Hybrid cloud seems to be the ideal solution for everyone; you get the best of public cloud services and still have the option to run the specific workloads on your own servers. With this flexibility, there comes the challenges of managing and governing these environments with specially designed management tools. It is not rare to see organizations having different teams managing their on-premises data center and cloud environments with completely different sets of tools and processes. Reduced management overhead is a key selling point for cloud platforms, but with hybrid cloud architecture, you may see increased management overhead to manage various environments.

Azure Arc aims to eliminate the management complexity introduced with hybrid cloud solutions. Azure Arc lets you design centralized management and governance processes that can work irrespective of the locations where your infrastructure is hosted, be it Azure, other cloud platforms, or your own data center. It also allows your developers to continue using Azure's modern database services even if they're designing applications that have to be hosted outside Azure and require minimal latency database connections.

In this book, you will find step-by-step explanations of key Azure Arc concepts along with practical examples that demonstrate the key use cases of Azure Arc and hybrid cloud solutions in general. It follows a hands-on approach where each solution is followed by the steps you'd follow to implement it in your infrastructure. By the end of this book, you will have a solid understanding of Azure Arc architecture, implementation, and use cases.

Who this book is for

This book is for solution developers/architects and cloud engineers who want to learn about building, governing, and managing hybrid and multi-cloud infrastructure using Azure Arc and related Microsoft technologies.

What this book covers

Chapter 1, Azure Arc Overview, introduces Azure Arc and Microsoft's hybrid cloud management ecosystem and approaches. You will learn about various use cases and Azure Arc services and prepare for a technical deep dive in the forthcoming chapters.

Chapter 2, Azure Arc Enabled Servers, includes a technical deep-dive walkthrough of governing and manage Windows and Linux servers running outside Azure through Azure Arc. You will also learn about various methods to onboard your infrastructure to Azure Arc.

Chapter 3, Azure Arc Enabled Kubernetes, educates you about onboarding and managing Kubernetes workloads through Azure Arc. You will also learn about GitOps and application workload deployment with Azure Arc and GitOps.

Chapter 4, Azure Arc Enabled SQL Server, covers managing and accessing on-premises and other non-Azure SQL Server deployments for various best practices around security and availability.

Chapter 5, Azure Arc Enabled PostgreSQL Hyperscale, introduces Azure Arc enabled data services and key technologies including Azure Arc data controllers. You will learn about deploying and managing the Azure Arc enabled PostgreSQL Hyperscale database service on Kubernetes infrastructure.

Chapter 6, Azure Arc Enabled SQL Managed Instances, extends Azure Arc enabled data service scenarios to include SQL managed instances. You will learn about deploying and managing SQL Managed Instances on Kubernetes clusters.

Chapter 7, Multi-Cloud Management with Azure, discusses the multi-cloud management scenarios and corresponding solutions offered by Microsoft Azure.

To get the most out of this book

This book is designed to use Azure resources for simulating on-premises infrastructure. You will need an Azure subscription with sufficient credit to run the infrastructure workloads for completing the tasks. A free account can be created from https://azure.microsoft.com/en-in/free/. If you have an on-premises server infrastructure lab environment available, that can also be used for completing the scenarios covered.

All code samples are tested using Azure Cloud Shell/Visual Studio Code and Azure CLI/PowerShell on the Windows OS.

If you are using the digital version of this book, we advise you to type the code yourself or access the code via the GitHub repository (link available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

It is recommended to execute all hands-on exercises to get the most out of this book and learn effectively.

Code in Action

Code in Action videos for this book can be viewed at https://bit.ly/3iybwm8

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/9781801076005_ColorImages.pdf

Conventions used

There are several text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles.

Here is an example: "You can register resource providers by running the az provider register –namespace <RP Name > command through the Azure CLI."

A block of code is set as follows:

Microsoft.Kubernetes

Microsoft.KubernetesConfiguration

Microsoft.ExtendedLocation

Microsoft.AzureArcData

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

Microsoft.Kubernetes

Microsoft.KubernetesConfiguration

Microsoft.ExtendedLocation

Microsoft.AzureArcData

Any command-line input or output is written as follows:

az aks install-cli

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "In Azure Data Studio, click Open to launch the URL."

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.

Section 1: Azure Arc Enabled Infrastructure

In this section, we will learn what Azure Arc is and the role it plays in the Microsoft hybrid cloud ecosystem. You will learn about onboarding Windows and Linux servers, Kubernetes clusters, and Microsoft SQL servers to Azure Arc. You will also learn and perform various exercises to do with hybrid cloud management, governance, Kubernetes application deployment, and SQL Server security and assessment with Azure Arc.

The following chapters will be covered in this section:

Chapter 1: Azure Arc Overview

In this chapter, we'll introduce you to Azure Arc, which is Microsoft's latest play in the hybrid cloud computing market. We'll start with covering what Azure Arc is and what it isn't. We will talk about various services available under the Azure Arc umbrella and use cases.

We can apply the knowledge gathered from this chapter to the customer environment for modernizing on-premises architectures and governing the infrastructure via the Azure portal.

Additionally, to progress ahead in their career, specialists and administrators can benefit from this knowledge and the smooth transition in learning about the Microsoft Azure cloud and the vast spectrum of features it provides. This will provide you with an enriching learning curve as you explore the only service offering that brings together on-premises infrastructure and hybrid cloud in combination with infrastructure, data, and microservices architecture.

By the end of this chapter, we will have set a basis for further chapters by building the prerequisite lab infrastructure.

We'll be covering the following topics:

Technical requirements

To follow this chapter, you need to have an active Azure subscription with preferably owner rights at a subscription level, although rights at the resource group level will also work.

You can get a trial at https://azure.microsoft.com/en-in/free/ if you do not have an Azure subscription already.

Check out the following link to see the Code in Action video:

https://bit.ly/3ggcdz8

What is Azure Arc?

Over the last decade, Microsoft Azure established itself as a leader in the public cloud industry. Microsoft's hybrid cloud story started back in the early days of Azure with Windows Azure Pack and progressed with Azure Stack, Azure Stack HCI, and various other products.

In November 2019, at the Ignite conference in Orlando, FL, Microsoft announced Azure Arc, which is the latest addition to its hybrid cloud capabilities. In simple words, Azure Arc lets customers run Azure services anywhere they want, that is, in their data centers or in other public clouds, and manage them through their existing Azure management capabilities. You can now leverage your favorite Azure management tools and services to host your applications wherever you want, allowing you to utilize your existing hardware investments without adding management complexities and security risks.

As Figure 1.1 illustrates, Azure Arc extends the Azure cloud beyond Microsoft's data centers. You still interact with Azure tools (the portal, CLI, PowerShell, APIs, SDKs, and even third-party deployment tools such as Terraform), but rather than using them to interact with your Azure resources, you also leverage the same tools to interact with your on-premises infrastructure and other cloud platforms, including Amazon Web Services (AWS) and Google Cloud Platform (GCP):

Figure 1.1 – Azure Arc overview

Azure Arc is an umbrella of the services comprising hybrid cloud offerings across the infrastructure and data services. At the time of writing this book, it includes the following services. It is very likely that this list will continue to expand, and we will see more scenarios being included in Microsoft's hybrid cloud story:

- Azure Arc-enabled servers

- Azure Arc-enabled Kubernetes

- Azure Arc-enabled SQL Server

- Azure Arc-enabled data services

- Azure Arc-enabled machine learning (in private preview)

Multi-cloud architectures are an important pillar of the IT strategy for organizations of all sizes these days. With containerization and cloud-native deployments, migrating applications from one infrastructure platform to another isn't the tedious and time-consuming job it used to be years back. With Azure Arc, Microsoft is moving toward being the preferred cloud management platform for your multi-cloud architectures. You can now manage Kubernetes clusters running on AWS or GCP through the same tools you'd use to manage Azure Kubernetes Service.

With this, Azure provides a seamless management experience across on-premises data centers, edge environments, and multi-cloud architectures.

What Azure Arc isn't

Azure Arc is neither a private cloud solution nor a replacement of Azure Stack services. Azure Stack continues to grow as a go-to solution for building intelligent hybrid cloud solutions with specialized hardware.