Day Two Cloud 126: Azure Arc And Building A Hybrid Cloud

Episode 126


Microsoft’s Azure Arc is a service that lets you deploy Azure resources on any infrastructure—Azure cloud and on-prem—and link that infrastructure to the Azure portal for a single point of management. It provides configuration, monitoring, and more for Windows and Linux servers, SQL servers, and Kubernetes (K8s) clusters whether they are local or in the public cloud. Microsoft is positioning Azure Arc to support hybrid cloud initiatives.

On today’s Day Two Cloud, we dig into Azure Arc with guest Ben Weissman, a Data Passionist at the consulting firm Solisyon. He’s also a Microsoft MVP and Pluralsight course creator.

We discuss:

  • Azure’s approach to hybrid cloud
  • Hybrid cloud challenges
  • How Azure Arc fits into other Azure offerings
  • What you need on-prem and in the cloud to use Azure Arc
  • Pricing issues
  • More


    1. The future is hybrid – for most of us at least. Find a way to deal with that!
    2. Simplicity is king – automation is a big part of that simplicity
      • Look into infrastructure as code
      • PowerShell
      • Bicep
    3. Use k8s (You’ll get it when you start looking into Azure Arc-enabled data services.)

Sponsor: Juniper Apstra

Apstra’s Intent-Based solution simplifies data center network deployment, operations, and management from Day 0 through Day 2. It delivers automation and continuous validation of your data center network in multi-vendor environments. The result is savings on downstream costs and exponentially more value from your network investments. Find out more at

Show Links:

@bweissman – Ben Weissman on Twitter

Deploying Azure Resources Using Bicep – Pluralsight

Ben Weissman’s Pluralsight courses

Azure Arc-Enabled Data Services Revealed – APress



[00:00:00.850] – Ethan
Sponsor Juniper Apstra’s intent based, multi vendor networking solution helps you build your data center network to a specific design, then makes sure it stays within that spec: deployment, automation and continuous validation. Find out more at Juniper dot net, Packet Pushers, Apstra.

[00:00:24.210] – Ned
Welcome to Day Two Cloud. Today’s topic is going to be about the hybrid cloud and Azure Arc. Yes, it’s going to be another Azure service, but this one is not focused on Azure things. It’s focused on on-prem and other clouds. What’s that all about?

[00:00:41.430] – Ethan
Yeah, well, you can certainly deal with Azure stuff, right? But Arc gives you this sort of an umbrella manager so you can manage things that are both in Azure and on premises. So it’s, dare I say it, hybrid cloud related, Ned.

[00:00:57.870] – Ned
Oh, no.

[00:00:58.510] – Ned
We used the dreaded H word. And here to school us all about Azure Arc is Ben Weissman. He is a Data Passionist and a Microsoft MVP, so enjoy the show with him and Azure Arc. Well, Ben Weissman, welcome to Day Two Cloud. And let’s start with the easy stuff. Ben, who are you? And what would you say you do around here?

[00:01:21.950] – Ben
That’s kind of a philosophical question. Who am I? Who are we? Why are we here? What did I sign up for here? No, my name is Ben Weissman. I’m a Data Passionist from Nuremberg, Germany. I’m running a small consultancy from here. We’re mainly focusing on stuff like data warehousing and BI. I’m also a Microsoft Data Platform MVP. And due to this whole pandemic thing, I spend way less time traveling and, in exchange, way more time authoring stuff. So I actually also authored a couple of courses around all kinds of data topics with Pluralsight and Apress over the last couple of months.

[00:01:58.800] – Ben
Over the last 18 months, I would say. When I’m not working and when I’m not authoring stuff, I’m a Lego enthusiast, and I used to be a very active runner. That changed a bit earlier this year because we had a baby, which is great, but it led to, let’s say, a shift in priorities. So the question, what do I do around here? Not much sleeping, but other than that.

[00:02:26.430] – Ned
Well, Ethan and I are both parents, so we absolutely understand that shift in priorities. And trust me, eventually you’ll get back to the running. I know I certainly did. I’m on a hiatus myself because I broke one of my toes, but I’ll be back on my feet shortly.

[00:02:40.960] – Ethan
Ben, I am also a Lego enthusiast. By the way, if I were to spin this camera, you would see on my shelf right over there the Galaxy Explorer, which, as a child of the 80s, in the catalog, that was the one I wanted. Oh, I couldn’t wait to get it. And I got it one Christmas and I’ve never lived it. It’s been such a joy, still on my shelf up there intact. The Galaxy Explorer.

[00:03:05.590] – Ned
All right. I’ll let you two nerd out after the episode, perhaps at some point.

[00:03:09.660] – Ben
Ethan, let me give you a tour of the office because the office is kind of a Lego Museum at this point.

[00:03:16.380] – Ned
Oh, my goodness. Well, the reason we are here is not to talk about Lego, necessarily. I know I entrapped you with enticings of Lego.

[00:03:26.070] – Ben
It’s disappointing.

[00:03:27.390] – Ned
We’re going to talk about hybrid cloud and the different approaches that vendors have suggested for hybrid cloud. So my question to you, Ben, is when the vendors are coming up with all their different solutions for hybrid cloud, what are they actually trying to solve for?

[00:03:44.930] – Ben
Of course, it depends. And this will kind of probably be the running joke, and, me being a consultant, kind of my answer to every single question. But there’s some seriousness to it, with the point being, I think many vendors are still figuring out the cloud. If you think back, like, 10, 15 years, when we first started talking about clouds, you saw all kinds of vendors, Microsoft, Amazon, Google, and all like, hey, come to the cloud. And at this point, everyone was like, okay, I kind of have to figure out.

[00:04:11.060] – Ben
Okay, this is the cloud I’m going to because Microsoft told me that’s where everyone is going, or Amazon said, yeah, but our cloud is faster, and Google said our cloud is cheaper, or whatever. And then people realized, vendors and customers both, are like, okay, we haven’t really got this right. There is not the cloud. There’s a multitude of clouds, and there may just not be one size fits all, up to the point that there may be solutions that will never move to the cloud for infrastructure reasons, because you’re using some kind of legacy system that you don’t want to or can’t get rid of.

[00:04:44.190] – Ben
So I think for the foreseeable future, with very few exceptions, this world will be a hybrid world, meaning we will still have stuff on-prem. We will still have stuff in the cloud, and by the cloud, I mean multiple clouds. In most cases, just think of so many vendors that don’t even offer their stuff in the Microsoft cloud or in the Google cloud or in the Amazon cloud. But they just say we’re running our own cloud so you can get our software as a service or platform.

[00:05:10.780] – Ben
But you’re not going to get it from somebody else; you’re going to get it from us, because they want a piece of that very big cake as well. So what I’m seeing is they realize they’re not going to convince you to move all your stuff into their cloud. So they’re trying to add value in their products and make it therefore more interesting, which is obviously easy if you own the product. Like, if I’m the developing company of a data platform tool, of a database engine, I may have means of making this thing work more in my way than others do, but also reduce complexity.

[00:05:46.910] – Ben
Make it easy. They have realized, okay, people might be moving from A to B, but not 100%. So see how you can have multiple clouds kind of work together and work as a piece, right?

[00:05:59.750] – Ned
Yeah. We’re seeing a lot of different challenges around that. Partly it’s the management problem. I now have five clouds instead of just what I had on-prem, so I got to get my arms around that. And there’s also the challenge of migrations. Can I move an app from one to the other? What’s the benefit and what’s the cost? You mentioned that vendors have products for this kind of stuff. They’re trying to meet us where we are. Microsoft has just a lot of products, man. They’ve been making stuff, obviously, for years, and there’s a lot of different product groups.

[00:06:29.670] – Ned
So sometimes there’s competition between the groups. So I’m hoping you can help me out here to sort of disentangle some of this. We’ve got Azure Stack, we’ve got Config Manager, and now Azure Arc is being pushed. What are all these things? And why would you use one over the other?

[00:06:46.950] – Ben
You forgot System Center and, like, a gazillion other tools just for Microsoft. And I honestly think there’s a truth that in some parts, it’s really just different teams that may not be knowing what the other hand is kind of doing, but that’s most probably also a very rare case. But I still do think it happens at a company the size of Microsoft, and again, or Amazon or any of the others. I would be highly surprised if not at some point, people realize, oh, we’ve been working on the same thing.

[00:07:19.520] – Ben
We just weren’t allowed to talk about it with each other. So the things that you mentioned, Azure Stack, Config Manager and Arc, they’re kind of different things for different use cases. If you look at Azure Stack, Azure Stack is kind of a hardware appliance, basically. So you kind of want to use Azure services, but for infrastructure or legal reasons, you cannot actually move to the Microsoft cloud. So you buy a piece of hardware that kind of gives you all... it gives you the portal, and it gives you VMs, not every single Azure service by far, but a bunch of them.

[00:07:53.110] – Ben
And you just deploy that piece of hardware, that appliance, and basically run your own Azure on premises, or on your oil rig, or whatever it is, the cruise ship.

[00:08:02.830] – Ned
That’s what they say. Run a cruise ship.

[00:08:06.760] – Ben
Awesome. There we go. Well, Config Manager is kind of I haven’t personally used it. I looked into it. So from my understanding and please chime in and correct me on everything that’s wrong. But from my understanding, Config Manager is mainly really about kind of what system center does and deploy policies and stuff to machines. So yeah, I’m running like a gazillion, not just VMs, but also laptops and stuff. And I’m just using that to make sure they’re all following the same rules. Azure Arc does something completely different.

[00:08:43.120] – Ben
And still, it would also run on Azure Stack. So it’s not that big. Azure Arc basically brings ARM to wherever you have stuff. Kind of, so you can deploy Azure resources to any infrastructure and you can link any infrastructure to the Azure portal to have a single point of management. So it bridges the gap between everything that’s not in Azure and the stuff that is in Azure. So Azure kind of becomes your one stop shop to get an overview of everything that’s happening, even though it is outside of Azure.

[00:09:17.190] – Ethan
So Arc is a configuration tool or a monitoring tool, or is it all of those things?

[00:09:25.890] – Ben
It is all of those things and more, so it depends. Think of Arc kind of like a brand. And below Arc, there’s currently five different offerings. There’s Azure Arc-enabled Server, Azure Arc-enabled SQL Server, Azure Arc-enabled Kubernetes, Azure Arc-enabled Machine Learning, and Azure Arc-enabled Data Services. Those are the five things that are out there right now, right?

[00:09:53.330] – Ethan
All of that, those five categories, and it looks like it gives you the ability to manage all of these services as if they are an Azure service, even if they’re local. And it gives you a bunch of templates. You mentioned ARM and so on to stand up these services, see how these services are doing, correct, and do it all in one interface. Again, whether they’re local or whether they’re actually hosted in Azure, correct.

[00:10:19.780] – Ben
Azure Arc enabled data service is kind of the outlier in that, but the other four. The point is basically you have something that exists outside of Azure and you want to see it in the portal. So you have 100 VMs running in the Amazon cloud. You have another 50 SQL servers running on Prem, and you have two Kubernetes clusters running in the Google cloud. You bring all those into the Azure world, but you only bring in the metadata. So basically what you do is you install some kind of agent on them, and that agent differs depending on what you do.

[00:10:53.700] – Ben
So the agent for SQL Server will be a different agent than the one for a Linux server, than the agent for a Windows server. You can deploy them one by one or you can automate that deployment, so you could have a script that is using a service principal, so a service account in Azure, where you say, okay, I’m going to run this script unattended on all my 100 machines. And boom, they all show up in the Azure portal. Basically, in that way, it gives me the monitoring experience. It gives me the setting of policies.

[00:11:21.690] – Ben
It will say you could monitor backups. You could say, oh, I want to change the Windows Update policy on all of my machines no matter where they are, and you do it in one central spot. So for those, it’s mainly a management, monitoring perspective. Azure Arc-enabled Kubernetes also brings a bunch of other stuff. So there’s stuff like Azure Functions, like Azure web services, App Services, that you can usually only deploy to Azure. That’s why they’re called Azure Functions. And now you can say, hey, I’m taking whichever Kubernetes service that I’ve deployed on-prem, that I’ve deployed in any cloud, make it Arc-enabled, therefore connected to Azure, and therefore make this kind of an Azure Kubernetes cluster, even though it’s not an Azure Kubernetes Service.

[00:12:08.660] – Ben
And now you can deploy stuff to it like an Azure Function. So you can have an Azure Function that runs in Azure or on-prem or in AWS and use the exact same code for it, because the stuff that you can do with a Python script in an Azure Function, you could in theory take that to any kind of VM, but you don’t get, like, the comfort and everything that you get from something like an Azure Function.

[00:12:30.760] – Ethan
Which is something that’s pretty neat, and the magic to bring all of these services under the care and feeding of Arc seemed to be a script. I was reading through the Jumpstart guide to bring a lot of these services on board. It didn’t seem like rocket science to make all of that happen.

[00:12:47.890] – Ben
From an engineering point, it probably is. But from an end user point, it really is bam, there you go. So Azure Arc-enabled Data Services gets you a SQL Managed Instance that you can deploy anywhere. I actually recently did a video with one of the Microsoft guys where I was using my Stream Deck. So on my Stream Deck, I just used a button, and every single time I pushed that button during that conversation, it deployed a managed instance on premises for me, because that’s how easy it is. We might argue about the actual use case of that.

[00:13:25.180] – Ned
So we talked about Server; that’s to manage virtual machines, or I guess physical machines, too, wherever they might be. We’ve got SQL Server. So with the SQL Server component, you mentioned a managed version, that’s Data Services. But there’s also, if I just have a cluster of SQL Servers, I can install the agents. Do I get configuration control out of that, or is it purely just monitoring for information about how that cluster is running?

[00:13:53.990] – Ben
Well, you do get some kind of configuration management stuff like policies and so on. But it has its limits. So it’s not as if you were sitting in front of that box. Okay. Arc-enabled SQL Server, mainly policy management, monitoring. And since monitoring is using Azure monitoring, it means you can also use all kinds of alerts and stuff. So you really get... one of the typical use cases for that that I see is, okay, there’s two companies that just merged, two potentially small companies, and one of them built everything in Azure.

[00:14:25.930] – Ben
One of them built everything in AWS. They will never have the manpower to merge that together in one cloud. But at least now they can say, okay, this is kind of our policy, unless someone did something in AWS that’s not working in Azure. Like, for example, an Azure virtual machine can never have the word Windows in its name. In AWS, it can. Interesting. That also means you cannot onboard one that has Windows in its name. So you may have to actually rename a couple of the machines. But that’s wild.

[00:14:57.630] – Ben
It is. And I figured that out the hard way.

[00:15:02.610] – Ned
It sounds like that was something gleaned from experience, not just from reading on a doc somewhere. Oh, my goodness. Okay, so that’s the first two. The next one was even Azure.

[00:15:11.000] – Ben
It isn’t in the docs.

[00:15:13.990] – Ned
The next one was Kubernetes. Now, are you deploying a Kubernetes cluster, or are you just sort of managing and monitoring an existing cluster?

[00:15:24.910] – Ben
So you have to set up the cluster yourself. But once you do, you get monitoring stuff, which in Kubernetes, you could deploy Grafana, Kibana and all the default industry standard monitoring tools that come with Kubernetes. But that way you really get that kind of out of the box. Again, you can set up all these alerts and monitoring, and you can also deploy new applications or PaaS or anything to that cluster. And that’s also the way Arc-enabled data services work. Arc-enabled data services purely run on Kubernetes. If you say, hey, I want to have that managed instance.

[00:15:58.420] – Ben
I want to install it on my Windows box. Well, you may want to have that, but you’re not going to get it, because Arc enabled data services just like the previous thing. Big data clusters, which came with SQL 2019, only works on Kubernetes. And that also kind of is the end game or the answer to the question that I’ve been as a data guy. I’ve been wondering myself, why are they doing that whole thing with SQL and Linux and stuff? What’s the point? This kind of is the point because now we’re at a point we get something to make that work so fast and so efficient and so easy.

[00:16:33.420] – Ben
Despite all the stuff that is happening in the background, it had to be containerized, and Windows containers suck. Let me just say that again, Windows containers suck, just in case it wasn’t heard the first time.

[00:16:47.800] – Ned
No argument here on that one.

[00:16:52.710] – Ethan
Let me ask you a real practical question here. Now that we have a good sense of what Arc is all about, why, if I’m the end consumer of Azure and I’m looking at Arc, what is driving me to Arc enable all of these things? Is it simply that unified plane, or do I get a bigger benefit, a bigger bang for my buck out of it?

[00:17:12.450] – Ben
So it depends, of course. Server and SQL Server, from my perspective, it is mainly that. So it is mainly having that single control plane that gives me that overview. With data services and Arc-enabled machine learning, it’s more than that. So with data services, like I said, you’re getting a managed instance. First of all, you’re getting a product on-prem or in any infrastructure that you could not get outside of the Azure cloud before. So if you say, well, I really like that product, but I can’t move it to the Azure cloud for whichever reason, again, be it...

[00:17:47.810] – Ben
Well, I just don’t have the bandwidth for it, or all of my other stuff sits in AWS. It just doesn’t make sense to host that database in Azure and stuff. You’re getting a product that you don’t get anywhere else, and you get the payment model from a cloud based service plus part of the service agreement. I mean, obviously, if you get a regular managed instance in Azure, Microsoft is also giving you an SLA on hardware and stuff. For some reason, they don’t give you an SLA on your own hardware.

[00:18:14.950] – Ben
Why? Microsoft, if you’re listening, why? They bring you stuff like automated updates, automated backups, and so on, all the stuff that you would expect from a managed cloud service. And the other thing is you can neatly scale it up and down and you get pay per use.

[00:18:35.950] – Ned
That’s interesting.

[00:18:36.830] – Ben
And this is where it’s getting interesting for quite a bunch of customers that are like, well, we’re running this huge job, but we only run it like once a month and it needs, like, a gazillion CPUs, and the rest of the month we could basically shut down that box because it’s doing nothing. But still, we have to buy those millions of dollars worth of Enterprise Edition licenses and still have to make sure we apply those updates every single month only to run that single job. Well, now you basically run that whole thing on Kubernetes and scale it up and down as you please and pay as you go.

[00:19:09.240] – Ben
So you also only pay for those resources used and having a pay as you go model on your own infrastructure. I think that is super neat.

[00:19:18.370] – Ned
Yeah. So it sounds like you’ve been working actively with Azure Arc with some folks out there. I won’t ask you for specifics on any companies, because obviously you don’t want to tell us all about that. But if you can just describe some of the projects you’ve worked on in general terms, so we can get a sense of what you’ve been working on and maybe some of the issues you’ve run into as you’re trying to deploy this service.

[00:19:42.730] – Ben
So it’s mostly the typical hybrid situation where you have someone that’s like, okay, this is kind of the end goal. We kind of want to move to Azure, but we don’t know if it’s going to be in a year or in two or in 20, but we’re going there for sure at some point. Also, mostly customers that were at a point where they’re like, okay, the infrastructure that we have right now just doesn’t do it anymore. Like being on SQL Server 2012, 2014 or potentially even something older than that.

[00:20:13.250] – Ben
Okay, we got to do something about that. What do we do now without moving to the cloud right away? And that’s it. If I get an MI on-prem now, and then after that I’ll move to an MI in Azure, that’s the other nice thing, portability. If you have something that you can deploy anywhere, on-prem, in any cloud or in Azure, you don’t have to vendor lock in right now on what you’re trying to do in five years, because that’s kind of the situation many of these customers are in.

[00:20:41.520] – Ben
I have no idea what I’m going to do. We’re kind of aiming for Azure at this point, but potentially at some point we’re going to use another CRM system and they’re going to tell us, yeah, but you can only do that on this and that cloud. Do I kind of want to go back three years then, or am I just picking something now and that’s again, the beauty of Kubernetes. It deploys everywhere. And you just take that configuration, since everything is infrastructure as code and deployed somewhere else and be done.

[00:21:11.190] – Ben
So all that flexibility, that is kind of where most people are pushing from. To be honest, not so many things that went wrong so far. But then again, data services, which is the thing that I mainly use being a data guy, only GA’d two months ago, so they didn’t have much time to screw that up yet. I mean, obviously lots of things that went wrong in preview. But then again, that’s kind of what you expect.

[00:21:37.570] – Ethan
I interrupt this podcast conversation, and possibly myself, to explain who the heck sponsor Apstra is. In a nutshell, multi vendor network automation plus continuous validation. And I stress multi vendor, because if you’ve been paying attention to acquisition news, you know that Apstra was bought by Juniper a while back, so you might be thinking you don’t care about Apstra unless you’re a Juniper shop, and that is just not true. Apstra can handle data center network automation across a spectrum of vendors. So what do we mean by data center automation anyway?

[00:22:06.890] – Ethan
We mean that you design the DC network to meet some business requirements you have. And you do that within the Apstra interface. And let’s say it’s leaf spine with EVPN. Apstra’s got access to the network devices themselves. And it takes your intent to create that leaf spine physical network with an EVPN overlay and configures it for you. I mean, Apstra can’t plug the cables in for you, right. You still have to do that bit. But Apstra can tell you when the cabling is out of whack, whether that’s during the day zero build out phase or the day two...

[00:22:34.620] – Ethan
Hey, it looks like an optic failed phase. And that’s sort of the point here. Cabling, routing relationships, device and link addressing, inter switch links, VXLAN VTEPs, mappings, tons of these things. So many that you don’t want to have to do that configuration yourself. It seems fun until you’re actually building it and then you realize it’s totally not fun. You want software to stand up the data center fabric for you. Software’s not going to fat finger an address. Software is not going to forget to update BGP policy.

[00:23:04.440] – Ethan
Software loves you. Okay, not all software loves you, but Apstra does, so much so that it not only helps get that fabric built, but keeps it built the way you intended. Something goes out of spec, Apstra will enforce your intent, which should help you reduce security vulnerabilities, by the way, and alert you to the bits that need a human’s attention. Apstra claims up to 80% improvements in operational efficiency, 70% improvements in mean time to resolution, and 90% improvements in time to deliver. And that is a lot of love.

[00:23:37.650] – Ethan
Find out more at Juniper dot net, Packet Pushers, Apstra. If you’re a data center network engineer, this is worth your investigation. Once more, that’s Juniper dot net, Packet Pushers, Apstra. And if you talk to your Juniper rep about Apstra, make sure to tell them you heard about them on Packet Pushers. Juniper dot net, Packet Pushers, Apstra. And now back to the podcast.

[00:24:03.970] – Ethan
You just made a point, Ben, that I think maybe we’ve obfuscated a little bit talking about Arc as a product. And you said infrastructure as code. That is to say, for infrastructure that I put into the care and feeding of Arc, I can interface with Arc to manage that infrastructure using programmatic techniques. Is that what you’re saying?

[00:24:20.750] – Ben
Correct, for anything that runs on Kubernetes anyway, because Kubernetes is infrastructure. Anything that runs through Arc also runs through ARM templates, or even better, Bicep templates. If you’re using ARM templates today and you have not looked into Bicep yet, look into Bicep, you will love it. Trust me, you’re welcome. I mean, the whole cloud thing is getting so overwhelming, especially for smaller shops that just don’t have IT departments of potentially hundreds of people. So I think infrastructure as code and any kind of automation, it might just be a small piece of a PowerShell script or whatever.

[00:25:05.410] – Ben
It doesn’t always have to be like the huge Terraform solution, but anything that gets you reproducible results, no matter where you’re deploying to, that is kind of the end goal for everything here, because that means I don’t have to make a decision today that I cannot reverse without it being super painful six months from now. Got you.

[00:25:29.940] – Ned
Okay, that makes sense. And I think another important thing to call out is Microsoft has sort of selected Kubernetes as the common platform. You can Arc enable the servers and the SQL Servers that you have today. But really, if you’re looking towards the future, you’re probably going to be running Kubernetes, maybe even managed Kubernetes somewhere. But now you can take advantage of these Arc enabled services to go and deploy whatever. I’m sure they’re not going to stop with data services and machine learning; they’re going to add some other things on there. And data services so far is Managed Instance and PostgreSQL.

[00:26:06.530] – Ben
I would expect a couple of extra data services to pop in there over time as well. Obviously, it makes sense to start with those that are most popular that already have an equivalent on Prem. So it is something where people can actually modernize something rather than just bringing all the super fancy stuff that may not even be. I mean, that’s why there’s so much stuff out there. Okay, but who actually uses them? Well, I don’t know anyone who uses it in production, but it sounds super cool.

[00:26:34.390] – Ben
Yes, it does sound super cool, but in the end, this doesn’t get you with the product. We need machine learning. Arguably, machine learning also runs purely on Kubernetes, and the nice thing about machine learning is that you can either use it to just scale out stuff. So I got five Kubernetes clusters, and I’m just training my machine learning models on whichever cluster has the most spare capacity at this point. But you can also use it to say, well, I’ve developed this super nice TensorFlow thing in a central development location, but it needs to be processed where the data is, because I’m doing real time fraud detection or whatever, but it cannot leave the premises where the underlying data is.

[00:27:13.320] – Ben
So two different use cases again for the same product. But again, it is only running on Kubernetes. Also, if you haven’t looked into Kubernetes, I would probably consider doing that.

[00:27:24.820] – Ned
Probably. I think we’ve hammered that point home pretty hard, at least on Day Two Cloud. That was a topic of discussion a lot in the last year. I feel like we haven’t talked about Kubernetes as much lately because it’s now just become like background noise. Almost like, yes, it’s implied in everything that we’re talking about. Now, if I want to consume Azure Arc, I want to get into some specifics here on the architecture. What do I have to deploy in Microsoft Azure to use Arc? Do I have to spin up some machines or just enable a service?

[00:28:01.580] – Ned
What’s going on on that side of things?

[00:28:04.530] – Ben
At the minimum, you need nothing, because in theory, you could deploy a managed instance on-prem that never gets connected even to the Azure cloud, so it wouldn’t even show up there. So you wouldn’t even see the slightest footprint in there. It’s kind of besides the point of doing that, so I would not recommend doing it. I’m also not sure how the billing interface would work in that case. It might be something that is explicitly not allowed, as per the fine print. Do read the fine print.

[00:28:32.070] – Ben
Don’t say Ben told me I can do that. You can. Even in the other cases, you don’t need much. Basically, everything that is happening is happening through Azure Monitor, so you need a Log Analytics workspace, a resource group where that sits, and that is pretty much it. All the other resources deploy themselves as kind of a resource. So you will see, okay, this is my Windows Server that sits on AWS, and you can add tags and all the other stuff. They’re just like a regular resource.

[00:29:04.110] – Ben
So you might have one resource group that says, okay, there is my managed instance, and there’s my Azure SQL DB and, oh, cool, there’s my Arc SQL managed instance, and that sits in this data center, and there is my Arc Postgres, and there’s my Arc data controller, and whatever the resources deploy themselves. So you don’t really need to do anything. Again, in many cases, you will need a local space just for Azure Monitor to have something that can actually store all that data, and what you will also need for most scenarios, actually, is a service principal, because you do not want to do everything, like with Arc-enabled data services.

[00:29:39.640] – Ben
For example, by default, you can have an active mode or direct mode or indirect mode. In indirect mode, it will manually upload the log files as per schedule or really manually; in the direct mode, it would just automatically do that. And the way it happens and the way it communicates with the Azure cloud happens through a service principal. And the whole point of having everything connected from my perspective is not to have to manually check accounts and everything on every single one of these boxes, but just have a service account that takes care of all of that for me, starting from onboarding after the actual log upload and stuff.

[00:30:15.460] – Ben
So that’s pretty much all you need. So that’s also pretty much all it will cost you honestly, except for services consumed. So you deploy a managed instance, you pay for that managed instance. But bringing in your Arc-enabled Windows Server, you don’t pay a Windows license or anything for that because you already owned it. You already have that Windows Server. So I mean, yes, you pay for storage for the Log Analytics workspace. But then again, how many logs can you actually gather that this becomes significant?

[00:30:48.680] – Ned
Oh, man. I turned verbose logging on everything. I need all the logs logging if I can get it.

[00:30:57.470] – Ned
So that’s what I need on the Azure side. What about the target side? Whether it’s on-prem or another cloud, can I set up like, a gateway? I think you mentioned most of the, at least the virtual machines and the SQL instances, have an agent installed. Do all those agents just reach out directly to Azure Arc, or is there a way to kind of funnel them through a management gateway or something like that?

[00:31:19.280] – Ben
No, they all reach out directly. So basically all they need is to have HTTPS access to Azure. There’s an endpoint that is in the docs that I keep forgetting because I will just say you can call anywhere as long as it’s encrypted. I don’t care. That’s pretty much all you need. So they will directly call home. No gateways involved, no VPNs or anything involved. Unless, of course, you want those resources to talk to something that sits in a private network. So if you’ve deployed something in a private

[00:31:51.420] – Ben
VNet in Azure and you want your local MI to be able to talk to that, then you might need to bring them together through some kind of VPN, routing, whatever. But other than that, there is no need for any of that. So it is super easy and slick to set up when you stand up the agent.

[00:32:09.260] – Ethan
Is it just calling out to a DNS name, then, to connect to home? Correct? Yeah.

[00:32:14.820] – Ned
Okay. I’m assuming you can set up a proxy so you can whitelist that on your proxy.

[00:32:20.600] – Ben
Correct. Okay.

[00:32:21.820] – Ned
Got you. That makes sense.

[00:32:23.700] – Ben
Maybe just take the example of enabling an Azure Arc-enabled Windows Server. What you would do is you go to the Azure Portal, say, hey, I want a new Arc-enabled Windows Server. You answer a couple of questions, and in the end, it spits out a PowerShell script for you. If it were Linux, it would spit out a bash script for you. It has, like, three optional lines in there where you can say, okay, this is my proxy. This is my service account ID, and this is its password.

[00:32:47.470] – Ben
If you leave those empty, it will not use a proxy, and it will prompt you to log into the Azure Portal, which is fine if it’s one or two servers, and otherwise, again, use a service principal because you will go nuts with all those single and manual sign-ins. But this is based. And once you’ve created that script, you can reuse it indefinitely. Okay, you know, I said indefinitely, and I’m pretty sure at some point they’re going to change the API.

[00:33:15.990] – Ned
For the foreseeable future. Maybe.

[00:33:20.530] – Ethan
Does the network need to be anything exciting then to connect between on-prem and home base for Azure Arc? The assumption is as long as I can get there, it’s fine. So VPN, ExpressRoute. It doesn’t sound like I need anything special, really.

[00:33:37.890] – Ben
Nothing of that. It needs a little bandwidth, obviously, because it is uploading logs and stuff. And especially if you’re doing, like, a big assessment on a SQL Server, it will actually transfer a couple of hundred megabytes back and forth. Yeah, don’t try this when tethering, but then again, general advice: don’t tether your servers. That’s kind of, if there’s nothing you’re taking away from this podcast but this: don’t tether your servers. This is actually what I like so much about Arc. First of all, it fits in very neatly with the existing tooling.

[00:34:15.280] – Ben
So Azure Arc-enabled data services running on Kubernetes, you can deploy it through native Kubernetes tools like kubectl, which, if you’re working with Kubernetes, you know how to use that. And you get a YAML file to deploy all this. So it’s nothing new. It’s just a different resource type. Obviously, if I haven’t really used Q Amp A before, but I use the Azure PowerShell module, or I use the Azure CLI, then you can do az sql mi-arc create instead of az sql mi create. So basically using an almost identical command that you’ve used in the Azure cloud before, you just add the -arc to it and you’re done.

[00:34:51.770] – Ben
So it really fits in with existing tooling. And I think this is something that Microsoft really got right there because you don’t really have to learn a bunch of new stuff. Basically, all you do is, hey, here’s a PowerShell script. Run it. If you are a Windows DBA, you probably know how to do that, and that’s it, and all the rest will be super native with the existing Azure, Windows, SQL Server, whatever the product is, experience.

[00:35:19.830] – Ethan
The context here does seem to be we’re in the Microsoft world. It’s Azure, and it’s things that Microsoft is good at dealing with: Windows boxes, SQL Server, Linux, and so on. But what if I want to bring some resources I’ve got sitting in AWS, maybe, and bring that under Azure Arc for management?

[00:35:38.550] – Ned
Is that a dumb idea?

[00:35:39.600] – Ethan
Is that even possible, then?

[00:35:42.870] – Ben
The answer is, of course it depends. So as long as these resources fit into the existing offerings. So if you bring in a Windows Server that sits in AWS, sure, no problem. That’s exactly what it’s made for. If you bring in an EKS cluster managed Kubernetes cluster in the Amazon cloud. Sure, you can do that. If it’s something that is completely specific to, like, a free share in the AWS cloud, then there is no equivalent to that in the Azure cloud. So you could not bring that in because there would just be nothing that it would work with.

[00:36:23.570] – Ethan
So what you’re saying is Azure Arc does not have any special nod to the AWS world where we support these API primitives and such. That’s not there.

[00:36:35.110] – Ben
That’s not there. What you can do fairly easily is, for example, hey, I got this little PowerShell script that reads all the tags from my existing AWS, and it will just put there is no switch that says, hey, please copy all the tags, because they wouldn’t be exposed to the actual VM. It would probably be three lines of PowerShell or so to do that. So that’s fairly easy, getting us back to, hey, let’s automate stuff, as long as it’s a service that has an equivalent in Azure.

[00:37:04.650] – Ben
So Azure Arc is, just like Bicep, only focusing on the Microsoft Azure world. Azure Arc is not trying to solve a problem that you could not have in the Azure cloud, if that makes sense. So it is tailored at people that say, hey, a good bunch of my stuff is already in Azure. And then again, I think that makes pretty much sense, because if you say, hey, I got all my stuff, 50% is in AWS and 50% is in the Google cloud, but none of them kind of have something like Arc.

[00:37:35.420] – Ben
I’m now going to bring all that metadata into Azure where I don’t have anything else. People probably wouldn’t do that. And all the others, if you say, hey, my databases, my VMs, my Kubernetes, that should already cover a lot. All the rest would probably be specifics. And also, if you say, well, one of the use cases, one of the points is, hey, I got multiple teams and multiple clouds working on the same thing, and I want to bring commonality across that, it’s not something you could actually have with a service that only exists in specific clouds, so it doesn’t even have to be AWS.

[00:38:12.110] – Ben
Let’s say you’re running a hosted version of Jira, and that also runs in the cloud, which I think actually you say yes in the background, but who knows for sure. Nobody knows these days. There would be no way of having an Azure Arc-enabled Jira, but then again, this product is so specific that you can be pretty sure you will not have multiple teams working on multiple IaaS, and at least I hope so. That’s not what they’re aiming at.

[00:38:41.690] – Ned
Right. Okay. So you’re not going to be managing even your RDS instances or your Lambda functions with Arc. That’s still going to sit on the AWS side, but the common building blocks, the EC2 instances, that’s something you can at least get some visibility on.

[00:38:59.490] – Ben
Yeah. Okay.

[00:39:00.180] – Ned
That makes sense to me. It’s not terribly surprising. I don’t think Microsoft wants to enable you to consume more AWS services.

[00:39:08.980] – Ned
Okay, that makes sense. One of the things that I saw when I was looking at the product site for Arc was they were touting that you can use it at the edge. And I thought that was sort of more the province of Azure Stack and Azure Stack, Data Box, and Database Edge, or all those products. So if I do want to use Arc at the edge, is there anything special that I need to know or have deployed in order to use it?

[00:39:35.500] – Ben
No. So again, that’s kind of the different use cases, that kind of being the hardware appliance. So on Azure Stack or Azure Stack HCI, you could also deploy Azure Kubernetes Services, and then you could Arc-enable them, for example, and have them call back home.

[00:39:50.950] – Ned
Okay. Yeah. So they could work in tandem. Mini cluster through Azure Stack, now I can use Azure Arc to push down machine learning or whatever I want to do.

[00:40:01.180] – Ben
Or you build your own Kubernetes cluster using VMs on your Azure Stack, and then you Arc-enable that and deploy your Arc-enabled data services to it, or your Arc-enabled machine learning. Whatever the use case might be.

[00:40:13.160] – Ethan
Then is it fair to say that Arc is location-agnostic? It doesn’t know or exactly care. As long as it can reach out, it doesn’t care where the resources are, right?

[00:40:23.880] – Ben
Correct. Any infrastructure, any infrastructure. When you say any infrastructure, it’s a bit too much, because some of my geeky friends are half perfect. So I’m going to deploy that managed instance to my Raspberry Pi. Like, yeah, no, you won’t, because Raspberry Pi, it’s using a different processor architecture, so it would probably work from a resource perspective of memory and CPU. But there’s no SQL Server image that would run on the Raspberry Pi processor. So that’s not the limiting factor there. Then again, there’s SQL on Edge. That would do exactly that.

[00:41:04.520] – Ben
But that would be Arc-enabled. Oh, my God. That’s your point. That is exactly right. Arc doesn’t really know where it is, even if you tell it through tags, because that’s kind of what I do if I’m using Arc across multiple locations. One of the first tags is like, okay, which cloud is this in and which region is this in? Because then, for example, I could say, okay, I have a couple of SQL Servers going down in my Azure Monitor and SEO, but they’re all sitting in the same AWS region, and then you check with AWS.

[00:41:41.680] – Ben
Okay. That makes sense, because that AWS region is actually having big issues, but that would tell me it wouldn’t tell Arc. Arc doesn’t care.

[00:41:51.910] – Ethan
Then talk to us about pricing for Arc. Is there a license scheme? Is it per node? Is it like, per service? How does Microsoft charge for this thing?

[00:42:05.330] – Ben
Basically, at this point, except for Arc-enabled data services, it’s pretty much free, except for the storage and stuff you consume in the Azure Portal. And for Arc-enabled data services, it is priced, well, you pay for it by the hour, as you would pay for a managed instance that you deploy on Azure, and it is priced obviously below the offering that you would get in the Azure cloud for the reason that, well, the price that you pay for an MI is depending on the number of cores and everything.

[00:42:35.300] – Ben
And it is a combination of software cost, maintenance cost and the hardware below that. Since you bring your own hardware, I think it is fair that Microsoft is not charging you again for it. So it’s slightly below that. And it starts at a couple of cents for a small deployment, and it obviously goes up to a couple of hundred dollars an hour if you’re deploying this on, like, a huge box.

[00:42:57.260] – Ned
Okay. So if I just have a fleet of VMs that I want to add to Azure Arc, I’m really just paying for storage on the Azure side.

[00:43:06.280] – Ben
Correct. Because I think Azure Monitor itself is free as well. So that will leave you with storage, because that’s all you do on the Azure side of the house.

[00:43:17.600] – Ned
Okay. But I think the real magic here, and I keep coming back to this, is what you can do with Kubernetes and the services that they’re adding there and being able to go, hey, I want managed instances, or I want to do some machine learning, deploy it out, pay as you go, and then pull it all back in when you’re done. Very interesting. So I didn’t really understand Arc at the beginning. I think I kind of get it now. I think it’s probably something I’m going to have to play around with.

[00:43:44.960] – Ned
And I saw there was a bunch of quick start guides where I don’t even need to spin up a big giant. I can just run kind on my laptop to get my arms, at least around the data services.

[00:43:56.050] – Ben
There’s a super amazing website out there, Azure Arc Jumpstart, azurearcjumpstart.io, which is something that’s built and maintained by the Microsoft product group, and that’s probably the site that you’ve just referred to. It kind of gives you a sandbox environment on all the Arc services, so you don’t have to go ahead and spin up like 15 VMs just to onboard them. But it does all that nicely for you in the background, saying, okay, I want to play with that. Okay. This is what it looks like in the portal. Cool.

[00:44:25.410] – Ben
Just to get an understanding. We are all geeks. We don’t want to read about it for ourselves. We want to get our hands dirty, but we want to do it without adding too much cost to our Azure account, and also without messing too much with our existing infrastructure. So most DBAs or Windows Server admins are probably slightly hesitant if you say, hey, here’s a PowerShell script. Just run that for me. I’m not going to tell you what it does, but it’s pretty cool, just do that. They might be like, yeah, no. But in that sandbox environment, you can kind of try out.

[00:44:56.160] – Ben
Okay. Is it checking all the boxes? Is it doing all the stuff that you need, without onboarding potentially hundreds of servers and then realizing that this is not what I want and now having to manually remove all of them again.

[00:45:07.090] – Ned
Right. All right. Very cool. I’ve enjoyed this conversation. Ethan, I think you got dragged into this as well. A little bit piqued your interest. If listeners out there are interested, can you maybe summarize some of the main takeaways from the episode?

[00:45:24.190] – Ben
I will try. First of all, I would say the future is hybrid, at least for most of us. I know there will be people out there: what is he talking about? I got everything in one single cloud, both of my VMs. Yes. If your infrastructure is that slim, cool. I mean, we’re a super small shop with twelve people, and we got stuff running in three different clouds. Not because, well, also because we’re techies and we don’t care, and we think it’s actually pretty cool to have stuff kind of knitted together, but also because of the software and stuff that we use.

[00:45:56.440] – Ben
There is no way around that. So find a way to deal with that. Not everything will work with one single bank. Also don’t overdo it, so don’t overreach and have like 50 similar services in 50 different clouds just because you can, but be prepared that we will be hybrid for probably more than the foreseeable future. I think if ever, it will be way down the road that we end up at a point where we can really say, okay, we go to one single cloud, so it only comes down to price.

[00:46:25.910] – Ben
Simplicity is king, and automation is a huge part of that simplicity. Look into infrastructure as code, look at what you can do with PowerShell. I only got really into PowerShell like a year or two ago, so I was pretty late to the party. And these days, how did I ever live without that? Look into Bicep because, again, ARM templates. Bicep, as briefly mentioned, is kind of a new ARM template dialect, if you want, and it’s just so much slimmer and cleaner. Look into it.

[00:47:01.630] – Ben
And the last takeaway is --use-k8s, and you will have to figure out Azure Arc-enabled data services to understand what I mean by that. It’s kind of an inside joke, but you will get it. You will figure it out. If not, find me on Twitter and I will explain it to you. But explaining jokes is always like me.

[00:47:19.130] – Ned
Yeah. Sounds like our audience is just going to have to play around with it and find out, discover what it means. Folks want to know more about you. Can you point them in some different directions for stuff you’ve created or places they can find you?

[00:47:30.660] – Ben
Yes. So depending on if they prefer reading or if they prefer watching stuff, I wrote books on pretty much all of the stuff that we’ve talked about today. So big data clusters, SQL on Kubernetes, Arc-enabled data services. And I also got a couple of Pluralsight courses out there on Bicep. I co-authored a course on Azure Kubernetes Services and Azure Arc. So there’s pretty much everything we talked about, you will find a course about that. I don’t blog that much recently because I feel like there’s kind of an overload on blogs.

[00:48:04.590] – Ben
And also I’m lazy. So I put my energy into doing courses.

[00:48:09.470] – Ned
You’re so lazy, creating courses and writing books.

[00:48:12.690] – Ben
Correct. Exactly.

[00:48:15.870] – Ned
Fair enough. And if people want to follow you, I see on Twitter you’re @bweissman and on LinkedIn it’s just Ben Weissman, so very easy. I can find you there. Well, Ben, thank you so much for appearing today on Day Two Cloud, and hey, virtual high five to you, listener, for tuning in. If you have suggestions for future shows, we would love to hear them. You can hit either of us up on Twitter at @day2cloudshow or fill out the form on my fancy website nedinthecloud.com.

[00:48:43.350] – Ned
Did you know that you don’t have to scream into the technology void alone? The Packet Pushers Podcast Network has a free Slack group open to everyone. Visit packetpushers.net/slack and join. It’s a marketing-free zone for engineers to chat, compare notes, tell war stories and solve problems together. packetpushers.net/slack. Until next time. Just remember, cloud is what happens while IT is making other plans.
