Azure Arc: What partners can offer?

Guidance for Azure Arc Offerings

Our partners are investing their time and efforts in adopting Azure Arc. The most common question they ask is what kind of service or offering they can offer to their existing or new customers.

As most of the customers across the globe have a multi-cloud presence ( On-Prem and Public cloud), Azure Arc adoption makes their infrastructure ready to leverage other use cases of Azure Arc like building cloud-native apps, running azure data, and machine learning services anywhere. Also, Azure Arc-based hybrid cloud management is the easiest use case, to begin with.

This article is an attempt to share some insights & guidance on what kind of services can be offered under the umbrella of Azure Arc Managed Services for Servers.

?There are 3 services that a partner can offer to their customers or for their own adoption.

?The services are as follows:

?1.???Hybrid Cloud Management Assessment

2.???Azure Arc Hybrid Cloud Management: Setup & Govern

3.???Secure & Defend (Arc Enabled Servers)

This article talks about these three services in detail. The details which are available for each service are captured in the following format:

Service Name

One liner description

Service Details: What partner will do as part of this service?

Deliverables: What outcomes end customers or internal stakeholders can expect?

?

This service is to assess customer multi-cloud environments which can be managed via Azure Arc.

?Service Details: ?Assessment

?Assess multi-cloud (non-Azure) landscape

• Assess Environment Size (# of environments, # of endpoints, # of locations)
• Assess Environment (Hypervisor type, OS types & version, K8S clusters, SQL Servers)
• Assess existing tools/solutions involved or in use
• Existing monitoring solutions
• Existing patching solutions
• Existing security Solutions

?Outcome/Deliverables:

As part of this assessment, the partner can provide the following deliverables:

Readiness Report

• Endpoints ready
• Endpoints not ready
• K8S clusters ready
• SQL Servers ready

?Azure services & solutions recommended

• Update Management
• Azure Policy
• Defender for Cloud
• Microsoft Sentinel

?Costs & Savings Report

• Estimated running costs based on services/solutions recommended.
• Estimated costs savings by switching to Azure solutions/services.

?High-level deployment architecture

• High-Level Architecture
• Inventory Tagging
• Log analytics workspace location
• Suggested RBAC for Level 1 Ops team of customers & partners

?

This service is to set up & govern hybrid cloud management via Azure Arc for non-azure servers running across private clouds & other public clouds.

?Service Details: Setup & Govern:

?For non-azure servers running across private clouds & other public clouds:

• ?Setup inventory tagging (within Azure)
• Setup Azure monitoring & dedicated dashboards for servers/K8S onboarded via Azure Arc (Arc enabled servers / Arc enabled Kubernetes )
• Setup Azure policy to maintain global compliance standards like HIPPA, FedRAMP, etc.
• Manage Operating system updates via Update Management
• Onboard SQL Server VM & perform health check assessment
• Setup RBAC for the Ops Team who will manage Azure Arc enabled infrastructure (Servers, Kubernetes)

?

Outcome/Deliverables:

As part of this assessment, the partner can provide the following deliverables:

Deployment architecture document ( detailed )

• Resource Groups (Name, Location)
• Inventory Tagging (within Azure)
• Log analytics workspace (Name, Location)
• Solutions/Services implemented & configured (Azure Monitor, Azure Policies)
• Communications configured (email, ticketing tool) and frequency
• Escalations path (leverage already established escalation path)
• RBAC for Ops team ( Group Name, RBAC Scope )
• Operations tasks

Tasks List (Daily, Weekly, Monthly)

• Workbooks

Workbook details

KQL queries used

This service is to maintain security posture & workload protection for non-azure servers running across private clouds & other public clouds.

?Details: Secure and Defend Arc enabled Servers

?For supported non-azure servers, running across private clouds & other public clouds:

• ?Install Connected machine agent on non-Azure servers
• Create a Log Analytics workspace (if not available)
• Onboard non-Azure servers via Defender for Cloud
• Onboard AWS accounts and/or GCP projects to Defender for Cloud for CSPM (Optional)
• Configure Defender for Cloud connector in Microsoft Sentinel (Optional)
• Setup & apply Azure policy for security standards like Azure Security Benchmark (v3) or Azure.
• Setup & apply the guest configuration to maintain security postures (Optional)

??

Outcome/Deliverables:

As part of this assessment, the partner can provide the following deliverables:

Deployment architecture document ( detailed )

• Resource Groups (Name, Location)
• Log analytics workspace (Name, Location)
• Azure policies applied
• Azure guest configuration applied (if any)
• Communications configured (email, ticketing tool) and frequency
• Escalations path (leverage already established escalation path)
• ?Security Operations tasks

# of servers protected

Recommendations (Available, remediated & disabled)

Secure score tracker

• ?Workbooks

Workbook details

KQL queries used

Reference Links for additional guidance

Ready methodology for hybrid and multi-cloud strategy - Cloud Adoption Framework | Microsoft Docs

Overview | Azure Arc Jumpstart

PS: This is more of a guidance and partners can adopt or expand based on these insights. Also, these services are around Azure Arc enabled Servers & there are other services they can offer around Arc enabled Kubernetes, Data services or bring Azure native services to customer infrastructure.