Azure Arc - Simplified and Hands On Lab experience with GITOps & Microsoft Defender

Thanks to #wipfli's 40 hrs/year upskilling policy, today I attended the Microsoft Azure Immersion Workshop: Hybrid Cloud Solutions hands-on training. I got a chance to explore how Azure Arc is used to connect on-premises resources to the Azure platform to leverage Azure infrastructure, services and governance. I am sharing my basic learning here with you all. Please do comment if you get the basic concept of using Azure Arc.

What is Azure Arc?

Azure Arc is a bridge that extends the Azure platform so you can build applications and services with the flexibility to run across datacenters, edge, and multicloud environments. Azure Arc provides a consistent development, operations, and security model for both new and existing applications. You use the same tools, the same security and governance technologies to create and manage application and infrastructure resources. Just like in Azure datacenters, a subset of Azure services for application, data, and AI are there to use on both new and existing hardware, virtualization, and Kubernetes platforms, IoT devices, and integrated systems.

[Figure: Microsoft Azure Arc Explained]

Azure Arc Hands-on Labs Experience and a use case for Azure Arc

With Azure Arc virtual environments, we do not require any complex set-up or installations.

Azure Arc Use Case:

Let’s consider SS Tech, an imaginary large manufacturing organization. Their IT systems run Windows, Linux, SQL Servers, Kubernetes clusters and Database instances across multiple locations, including on-premises datacenters, distribution centers and multiple public clouds. This poses operational challenges for SS Tech. They’d like to simplify building applications and services and managing infrastructure across these locations.

With Azure Arc, SS Tech can take advantage of a consistent set of tools and services to extend cloud technology across their distributed environments. They already take advantage of the core management capabilities such as tagging, update management, governance with Azure Policy, monitoring with Azure Monitor, security with Microsoft Defender for Cloud, and more for their Azure workloads, but would like to extend these same capabilities to their resources outside Azure. By onboarding their servers and Kubernetes clusters running outside Azure to Azure Arc, SS Tech can take advantage of all the Azure Resource Manager (ARM) capabilities mentioned above. In addition, with Azure Arc-enabled Kubernetes, SS Tech can guarantee Kubernetes deployments and app consistency through GitOps-based configuration management for their Kubernetes clusters in Azure, on-premises and in other clouds.

Leveraging Azure Arc-enabled data services, SS Tech is interested in implementing cloud-native, evergreen versions of SQL Managed Instance to reduce the management overhead and deploy their applications and databases anywhere with elastic scale.

What is GitOps?

GitOps is a way of implementing Continuous Deployment for cloud native applications. It focuses on a developer-centric experience when operating infrastructure, by using tools developers are already familiar with, including Git and Continuous Deployment tools.

[Figure: GitOps explained]

The core idea of GitOps is having a Git repository that always contains declarative descriptions of the infrastructure currently desired in the production environment and an automated process to make the production environment match the described state in the repository. If you want to deploy a new application or update an existing one, you only need to update the repository - the automated process handles everything else. It’s like having cruise control for managing your applications in production.

For more details, please check: https://www.gitops.tech/
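
The automated process described above comes down to comparing what Git declares with what the cluster runs and acting on the difference. The Python sketch below is an added example, not code from the workshop, Azure Arc or Flux; the manifests and registry names are constructed samples, and comparing whole objects by hash is a simplifying assumption.

```python
# Added illustration of one GitOps reconcile pass; not Azure Arc or Flux code.
# Manifests are constructed samples; whole-object comparison is a simplification.
import hashlib
import json

DESIRED = [  # what the Git repository declares (constructed)
    {"kind": "ConfigMap", "metadata": {"name": "web-config", "namespace": "prod"},
     "data": {"LOG_LEVEL": "info"}},
    {"kind": "Deployment", "metadata": {"name": "web", "namespace": "prod"},
     "spec": {"replicas": 3, "image": "registry.example/web:1.4.2"}},
]
LIVE = [  # what the cluster currently runs (constructed)
    {"kind": "Deployment", "metadata": {"name": "web", "namespace": "prod"},
     "spec": {"replicas": 3, "image": "registry.example/web:latest"}},  # edited by hand
    {"kind": "Pod", "metadata": {"name": "debug", "namespace": "prod"},
     "spec": {"image": "registry.example/tools:dev"}},  # never committed to Git
]

def key(manifest):
    meta = manifest["metadata"]
    return (manifest["kind"], meta.get("namespace", "default"), meta["name"])

def fingerprint(manifest):
    """Stable hash of a manifest, independent of key order."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def plan(desired, live, prune=True):
    """List the actions that make the live state match the repository."""
    want = {key(m): m for m in desired}
    have = {key(m): m for m in live}
    actions = [("create" if k not in have else "update", k)
               for k in sorted(want)
               if k not in have or fingerprint(want[k]) != fingerprint(have[k])]
    if prune:  # objects absent from Git are removed, so drift cannot persist
        actions += [("delete", k) for k in sorted(set(have) - set(want))]
    return actions

def reconcile(desired, live, prune=True):
    """Apply the plan to an in-memory copy of the cluster state."""
    state = {key(m): m for m in live}
    want = {key(m): m for m in desired}
    for action, k in plan(desired, live, prune):
        if action == "delete":
            del state[k]
        else:
            state[k] = want[k]
    return list(state.values())
```

Calling plan(DESIRED, LIVE) reports the hand-edited Deployment as an update and the uncommitted Pod as a delete, which is why an out-of-band change to a GitOps-managed cluster shows up as drift and is reverted on the next pass.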

Role of Microsoft Defender on the cloud with reference to Azure Arc

Microsoft Defender for Cloud can monitor the security posture of your non-Azure computers, but first you need to connect them to Azure. You can connect your non-Azure computers in any of the following ways:

  1. Using Azure Arc-enabled servers (recommended)
  2. From Microsoft Defender for Cloud's pages in the Azure portal (Getting started and Inventory)

[Figure: Microsoft Defender for Hybrid Cloud]


Why use Microsoft Defender for your on-premises servers?

Protecting your business against growing security threats is a huge priority. Companies of all sizes have increased their spending on cybersecurity solutions to protect their operations over the last year. User spending for the information security and risk management market will grow to USD 169.2 billion in 2022, with a constant currency growth of 12.3 percent. The market will reach USD 261.9 billion in 2026, with a constant currency growth of 11.1 percent (2021 to 2026). [1] And though spending is increasing, cybercriminals aren’t going to slow down their attacks. The average cost of a data breach increased to USD 4.35 million in 2022—an all-time high. [2] With today’s economic uncertainty and ongoing talent shortages, organizations need comprehensive security that allows them to protect more without expending more.

In a constantly changing world, Microsoft uses threat intelligence, AI, and automation to create a virtuous cycle of signals to evolve and respond faster to bad actors and events. Microsoft brings this vision to life with Microsoft Defender for Cloud, an integrated cloud-native application protection solution for hybrid and multicloud environments. Defender for Cloud strengthens security posture, accelerates protection against modern threats, and reduces risk throughout the cloud application lifecycle so organizations can stay protected.

Finally, another use case that we learned to deploy in the lab is Azure Arc and Kubernetes.

[Figure: Azure Arc and Kubernetes]

Due to lab access restrictions, I am unable to share the guide and other resources. If you are interested in learning more, watch out for the next Azure Immersion Workshops at Microsoft Customer Immersions: Microsoft 365 | azure

Learn more about Azure Arc: Azure Arc - Hybrid and Multicloud Management | Microsoft Azure

Please do share this article if you find it helpful for new or basic learners of Azure Platform.

About Shahab: Shahab has over 20 years of experience working in various technologies and platforms across multiple domains. Shahab is tech lead on Azure Microsoft Community Training Platform (MCT) and is facilitator of Wipfli's QA/Testing Technology Guild, where his role is to work on continuous improvement of QA processes. This article is written to share Azure Arc experience with others to help the community. Please email [email protected] for any questions on Azure MCT deployment for your organization or if your organization needs help in doing full-scale QA for your projects.

About Wipfli: Wipfli's full lifecycle approach is to connect you with business value through technology. Wipfli works on turnkey projects in Education, Non-Profit, Analytics, AI/ML, Insurance, Logistics, Healthcare, Manufacturing and Niche Industries domains. Wipfli works in Blockchain, Guidewire, IoT, Mobile, DotNet, JAVA and many other technologies. If you need consulting for your organization, I invite you to contact your Wipfli relationship executive or send an email to Chengappa at [email protected]. We have the right mix of people, process, and technology to help you succeed.
