
Azure Arc - What, How, IaC, Costs and More...


As more organisations require a multi-cloud architecture, they face challenges of managing resources across multiple cloud providers, on-premises data centres, and edge services. These challenges include security, compliance, governance, and automation.


What is Azure Arc?

Azure Arc is a form of orchestration service from Microsoft that allows organisations to manage resources across multiple environments. Azure Arc is cloud-native and enables unified management of servers, Kubernetes clusters, and applications across on-premises, multi-cloud, and edge environments from a single control plane. Infrastructure and operations teams can utilise a consistent management experience across different cloud providers, including Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.


Azure Arc unlocks several advantages, including:

  1. Consistent management experience: Manage resources across different environments using a unified control plane, providing a consistent management experience.

  2. Multi-cloud management: Manage resources across different cloud providers, including AWS, GCP, and Azure.

  3. On-premises management: Manage resources in on-premises data centres and edge environments.

  4. Security and compliance: Unified security and compliance experience across different environments, including on-premises and multi-cloud environments.

  5. Automation: Automate resource provisioning, configuration, and updates across different environments using Azure Policy and Azure Automation.

How Does Azure Arc Work?

Azure Arc extends the Microsoft Azure control plane to different environments by installing an agent on the resources in those ‘remote’ environments. The Azure Arc agent is a lightweight software agent that runs on Windows or Linux servers and edge devices. The agent connects to the Azure Arc control plane; think of this as an extension to Azure Resource Manager (ARM). The Azure Arc control plane runs on Microsoft Azure and provides the following services:



  1. Azure Arc-enabled servers: Manage Windows and Linux servers in on-premises, multi-cloud, and edge environments using Azure management services. Azure Arc-enabled servers are managed using Azure Arc policies, which allow organisations to apply configuration, security, and compliance policies to servers across different environments.

  2. Azure Arc-enabled Kubernetes clusters: Manage Kubernetes clusters across different environments using Azure management services. Azure Arc-enabled Kubernetes clusters are managed using Azure Arc policies, which allow organisations to apply configuration, security, and compliance policies to Kubernetes clusters across different environments.

  3. Azure Arc-enabled data services: Manage data services, such as Azure SQL Managed Instance and PostgreSQL Hyperscale, on-premises, and multi-cloud environments using Azure management services. Azure Arc-enabled data services are managed using Azure Arc policies, which allow organisations to apply configuration, security, and compliance policies to data services across different environments.

Azure Arc also provides integration with Azure Policy and Azure Automation, which allows organisations to automate resource provisioning, configuration, and updates across different environments using Azure management services.


Infrastructure as Code (IaC)

Azure Arc provides several features and capabilities that can complement an ‘Infrastructure as Code’ approach. An ‘Infrastructure as Code’ or ‘IaC’ methodology involves using declarative definitions of infrastructure and configurations to automate the deployment, management, and scaling of infrastructure resources. Azure Arc can assist an IaC strategy in the following ways:

  1. Consistent Configuration Management: Azure Arc provides a consistent management experience across different environments, including on-premises, multi-cloud, and edge environments. This means that you can use Azure Arc to apply consistent configurations, policies, and scripts to infrastructure resources across different environments.

  2. Azure Policy: Azure Policy is a service in Azure that allows you to create, assign, and manage policies for resource compliance. Azure Arc enables you to apply Azure policies to resources running outside of Azure, including on-premises and multi-cloud environments. With Azure Policy, you can ensure that resources are deployed and configured according to organisational policies and standards.

  3. Azure Resource Manager (ARM) Templates: Azure Arc supports ARM templates, which are declarative definitions of infrastructure and configurations. ARM templates can be used to automate the deployment and management of resources across different environments, including on-premises and multi-cloud environments. With Azure Arc, you can deploy ARM templates to resources running outside of Azure, providing a consistent infrastructure deployment experience.

  4. Azure Automation: Azure Automation is a service in Azure that allows you to automate the deployment, management, and monitoring of resources. Azure Arc provides integration with Azure Automation, enabling you to automate resource provisioning, configuration, and updates across different environments using Azure Automation.

  5. Azure Arc-enabled Kubernetes clusters: Azure Arc-enabled Kubernetes clusters allow you to manage Kubernetes clusters across different environments using Azure management services. Azure Arc-enabled Kubernetes clusters are managed using Azure Arc policies, which allow you to apply configuration, security, and compliance policies to Kubernetes clusters across different environments.

By leveraging Azure Arc's capabilities, organisations can manage infrastructure resources across different environments using an IaC approach, providing a consistent and automated management experience. With Azure Arc, you can use Azure Policy, ARM templates, Azure Automation, and Kubernetes management services to automate resource provisioning, configuration, and updates across different environments, including on-premises and multi-cloud environments.
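
The policy-as-code idea described above, as an added example that is not from the original article or from Microsoft's built-in policy set: a custom Azure Policy definition that targets Arc-enabled servers (resource type `Microsoft.HybridCompute/machines`) and flags any that were onboarded without a required tag. The display name, the tag name `owner` and the default effect are assumptions chosen for illustration.

```json
{
  "properties": {
    "displayName": "Example: Arc-enabled servers must carry an owner tag",
    "description": "Illustrative policy added to this article. Flags Azure Arc-enabled servers that were onboarded without the tag named in the tagName parameter.",
    "policyType": "Custom",
    "mode": "Indexed",
    "metadata": { "category": "Tags" },
    "parameters": {
      "tagName": {
        "type": "String",
        "defaultValue": "owner",
        "metadata": { "displayName": "Required tag name (assumed value)" }
      },
      "effect": {
        "type": "String",
        "allowedValues": [ "Audit", "Deny", "Disabled" ],
        "defaultValue": "Audit",
        "metadata": { "displayName": "Effect" }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.HybridCompute/machines" },
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "false"
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

Assigned at a subscription or resource group that holds Arc resources, the Audit effect reports untagged machines as non-compliant. Switching the parameter to Deny makes Resource Manager reject the creation of an Arc server resource that lacks the tag.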


Sounds Great, How Much Does It Cost?

The cost of Azure Arc depends on the specific services and features that you integrate or ‘Arc enable’. Some Azure Arc services are included with an existing Azure subscription, while others may have additional costs associated with them.

With Azure Arc you pay for the Azure services that you use to manage the servers, such as Azure Policy, Azure Automation, and Azure Monitor.

As an extension of Azure, Arc offers the following core control plane functionality at no cost to customers, while preserving consistent pricing on all management and services originating from Azure.

  • Resource inventory and organisation through Azure resource groups and tags

  • Indexing and searching through Azure Resource Graph

  • Access and security through RBAC and subscriptions

  • Environments and automation through templates and extensions

The following Azure Arc-enabled services are charged consistently with the original Azure services, excluding any customer-provided infrastructure costs.

  • Azure Arc-enabled SQL Server

  • Azure Arc-enabled SQL Managed Instance

  • Azure Arc-enabled PostgreSQL (Preview)

  • Other Arc-enabled services that become available.

Azure Arc-enabled Kubernetes clusters also have no additional charges beyond the standard Kubernetes cluster charges. You only pay for the Azure services used to manage the Kubernetes clusters; again, this would be Azure Policy, Azure Automation, and Azure Monitor (for example).

Azure Arc-enabled data services, which allow you to run Azure data services on any infrastructure, have usage-based pricing. You pay for the actual usage of the service, such as the number of vCores or storage used.

Azure Arc-enabled SQL Server, which allows you to manage SQL Server instances running outside of Azure, has a per-instance fee. The fee is based on the number of cores in the instance, and there may be additional charges for features such as advanced threat protection. With Azure Arc-enabled SQL Server, customers can achieve improved cost efficiencies with a consumption-based billing model. Pay by the hour for spikes and ad-hoc usage and eliminate the need for a full upfront investment.

In addition to these specific Azure Arc services, there may be additional costs associated with using Azure services to manage resources running outside of Azure. For example, if you use Azure Automation to manage on-premises resources, you will pay for the Azure Automation runbooks used to automate tasks.


Example Cost Calculation

Here is an example cost calculation using the Azure Calculator with the following constraints:

  • All Azure services assumed geo: North Europe

  • Virtual Machines

      ◦ Linux/Windows servers (IaaS) hosted in Azure: 50 instances/workloads - Free

      ◦ Linux/Windows servers hosted in LPC: 50 VMs - £290/month

  • Container Clusters

      ◦ Azure Arc-enabled Kubernetes: 20 vCPUs in the cluster - £22.74/month

  • SQL Servers

      ◦ Azure Arc-enabled SQL PaaS (MI): Single instance, General Purpose, 16 on-prem vCore(s), always on (31 days), Azure Hybrid Benefit, 3-year reservation (~24% saving) - £259.97/month

      ◦ Azure Arc-enabled SQL Server: Standard edition, 16 on-prem vCore(s), always on (31 days) - £966.98/month

Total estimated Azure Arc cost for this example: £1,540/month*

*It's important to review the pricing details for each Azure Arc service to understand the specific costs associated with using the service. You can find up-to-date pricing details for Azure Arc services on the Azure pricing page.


What are the Disadvantages of Azure Arc?

While Azure Arc provides many benefits, there are some potential downsides to be aware of before deciding to use the service. Here are a few potential drawbacks of Azure Arc:

  1. Complexity: Azure Arc can be a complex solution that may require significant setup and configuration. The process of deploying and configuring Azure Arc can be time-consuming and may require specialised skills and knowledge.

  2. Cost: While some Azure Arc services are free, others may have additional costs associated with them. Organisations should carefully review the pricing details for each service to ensure they understand the potential costs.

  3. Dependency on Azure: While Azure Arc allows organisations to manage resources outside of Azure, it still requires a strong dependency on Azure. Organisations may be uncomfortable with this level of dependence on a single cloud provider.

  4. Limited support for non-Microsoft technologies: While Azure Arc supports some non-Microsoft technologies, such as Kubernetes, it may not support all the technologies and platforms that organisations use.

  5. Security: Organisations should carefully consider the security implications of using Azure Arc. Azure Arc introduces new security risks that organisations must address, such as ensuring that on-premises resources are properly secured and possibly isolated from the internet.

  6. Learning curve: Because Azure Arc is a relatively new service, organisations may need to invest time and resources in training their staff to use it effectively. Many of the features are in preview.

Overall, Azure Arc is a powerful tool that can help organisations manage resources across multiple clouds and on-premises environments. However, organisations should carefully consider the potential downsides before deciding to use the service.


What are the Alternatives to Arc?

There are several alternatives to Azure Arc that organisations can consider, depending on their specific needs and requirements.

Here are 10 examples of solutions that offer comparable ways to achieve some of the Azure Arc capabilities. This is not a comprehensive list; the vendors listed below simply play in the same space or have feature overlap with Azure Arc, but most of them are not strictly multi-cloud management tools.


Apache CloudStack: Open-source software designed to deploy and manage large networks of virtual machines, as a highly available, highly scalable Infrastructure as a Service (IaaS) cloud computing platform.

Rubrik: Helps organizations uphold data integrity, delivers data availability that withstands adverse conditions, continuously monitors data risks and threats, and restores businesses with their data when infrastructure is attacked (only really made this list because of the Kubernetes orchestration).

Cloudify: Open source, end-to-end platform designed to transform network services and multi-cloud applications, connect branches, deploy, and manage multi-access edge and IoT devices, break down silos and deliver all services on-demand – automatically, at extreme edge scale.

OpenStack: Open-source platform that uses pooled virtual resources to build and manage private and public clouds. The tools that comprise the OpenStack platform, called "projects," handle the core cloud-computing services of compute, networking, storage, identity, and image services.

Amazon CloudWatch: Enables you to monitor your complete stack (applications, infrastructure, network, and services) and use alarms, logs, and events data to take automated actions and reduce mean time to resolution (MTTR). This frees up important resources and allows you to focus on building applications and business value.

Morpheus Data: Hybrid cloud management platform provides a unified self-service provisioning experience across private, hosted, and public clouds as well as fine-grained role-based access controls to make sure tenants and users stay within the right IT, Security, and Finance guardrails.

Turbonomic: IBM Turbonomic hybrid cloud cost optimization software is used by customers to assure application performance while eliminating inefficiencies by dynamically resourcing applications across hybrid and multi cloud environments.

Oomnitza: An Enterprise Technology Management (ETM) solution that empowers enterprise IT organizations to scale by orchestrating and automating key business processes across siloed technologies.

Flexera: Delivers SaaS-based IT management solutions that enable enterprises to accelerate digital transformation and multiply the value of their technology investments. Helps organizations inform their IT with unparalleled visibility into complex hybrid ecosystems.

Google Cloud Anthos: An alternative to using Kubernetes. The key difference between the two is that Google Cloud Anthos is a step up from Kubernetes clusters; it helps manage the problem of multiple clusters. Whether you need Anthos or K8s depends on the number of clusters required to run services smoothly.

Each of these alternatives has its own strengths and weaknesses, and organisations should carefully evaluate each option to determine which one best meets their needs.


Here are some reasons why Azure Arc may be the best option for your business:

  1. Multi-cloud management: Azure Arc provides a single control plane to manage resources across multiple clouds and on-premises environments, which can be especially beneficial for organisations with a hybrid or multi-cloud strategy.

  2. Consistent management experience: Azure Arc allows organisations to use familiar Azure management tools and services to manage resources outside of Azure, which can help streamline management and reduce the learning curve for IT staff.

  3. Flexibility: Azure Arc allows organisations to deploy Azure services and capabilities to any infrastructure, including on-premises datacentres and other clouds, providing greater flexibility and agility.

  4. Security and compliance: Azure Arc provides a unified approach to security and compliance across multiple environments, making it easier for organisations to ensure that their resources are properly secured and compliant.

  5. Integration with existing Azure services: Azure Arc integrates with a wide range of Azure services, including Azure Policy, Azure Security Centre, and Azure Monitor, allowing organisations to take advantage of these services to manage resources outside of Azure.

Ultimately, whether Azure Arc is the best option for an organisation will depend on its specific needs and requirements. Organisations should carefully evaluate Azure Arc and other options to determine which one best meets their needs.


Useful Links

Azure Arc Pricing

https://azure.microsoft.com/en-gb/pricing/details/azure-arc/

Azure Policy – Arc Guest Configuration Assignments

https://docs.microsoft.com/en-gb/azure/governance/policy/concepts/guest-configuration-assignments

Azure Arc-enabled servers VMware Frequently Asked Questions

https://learn.microsoft.com/en-gb/azure/azure-arc/servers/vmware-faq

Overview of Azure Connected Machine agent

https://learn.microsoft.com/en-gb/azure/azure-arc/servers/agent-overview

Azure Arc-enabled SQL Server

https://learn.microsoft.com/en-us/sql/sql-server/azure-arc/overview?view=sql-server-ver16

Azure Arc-enabled SQL Server data collection and reporting

https://learn.microsoft.com/en-us/sql/sql-server/azure-arc/data-collection?view=sql-server-ver16

Azure Arc-enabled Kubernetes validation

https://learn.microsoft.com/en-gb/azure/azure-arc/kubernetes/validation-program

Cluster extensions

https://learn.microsoft.com/en-gb/azure/azure-arc/kubernetes/conceptual-extensions

Overview of Arc-enabled System Center Virtual Machine Manager (preview)

https://learn.microsoft.com/en-gb/azure/azure-arc/system-center-virtual-machine-manager/overview


