The document discusses Azure Arc, Microsoft's solution for extending Azure management and security capabilities to any infrastructure. Key points include:
- Azure Arc allows deploying and managing Kubernetes applications across environments using DevOps techniques and ensuring consistent configuration.
- It enables running data services anywhere for latency or compliance reasons and seamlessly managing data assets across on-premises, clouds and edge.
- Azure Arc provides a way to centrally organize and govern Kubernetes clusters and servers that may be sprawling across clouds, datacenters and edge from a single place.
Overview of Azure Arc enabled Kubernetes
4. Azure IoT
Any edge device
Azure Arc
Any datacenter, any cloud
Integrated systems
Azure Stack
Microsoft Azure
Management | Security + Identity | App + Data Services | Dev Tools + DevOps
5.
- At-scale Kubernetes app management: Deploy and manage Kubernetes applications at scale across environments using DevOps techniques. Ensure that applications are deployed and configured consistently from source control, at scale.
- Run data services anywhere: Deploy and manage data services where you need it for latency or compliance reasons. Always use the most current technology and seamlessly manage and secure your data assets across on-premises, clouds and edge.
- Organize and govern across environments: Get Kubernetes clusters and servers that are sprawling across clouds, datacenters and edge under control by centrally organizing and governing from a single place.
Multi-cloud
Datacenter & hosted
9. Azure Policy
Active control and governance at scale for your Azure resources
Remediate & automate
- Remediate existing resources at scale
- Automatic remediation of resources at deployment time
- Trigger alerts when a resource is out of compliance
Enforcement & compliance
- Turn on built-in policies or build custom ones for all resource types
- Real-time policy evaluation and enforcement
- Periodic & on-demand compliance evaluation
- VM In-Guest Policy
Apply policies at scale
- Apply policies to a Management Group with control across your entire organization
- Apply multiple policies and aggregate policy states with policy initiatives
- Exclusion Scope
11. Azure Monitor
- Sources: Application, Operating System, Azure Resources, Azure Subscription, Azure Tenant, Custom Sources
- Data stores: Metrics, Logs
- Insights: Application, Container, VM, Monitoring Solutions
- Visualize: Dashboards, Views, Power BI, Workbooks
- Analyze: Metrics Explorer, Log Analytics
- Respond: Alerts, Autoscale
- Integrate: Event Hubs, Ingest & Export APIs, Logic Apps
Azure Policy sits at the core of Azure and gives you the ability to codify your company policies into the platform. One core benefit is that, given the rate of innovation of Azure, there are services going live quite often. In Azure, any new service will be able to be governed by Azure Policy from day 1.
There are essentially three kinds of policies:
Auditing is the one we recommend getting started with. This means that users can use Azure with no restrictions, but if somebody goes against policy you will be able to see the compliance state in an easy-to-use view. No need to run scripts every 24 hours to check the compliance status.
Enforcing policies is the next level, where you are essentially setting guardrails. This means that if you have an enforced policy, users have to do it that way or they will get a deny error.
Remediation is the last type, where you can bring non-compliant resources back to the desired state. Imagine that you need to have monitoring in your VMs and there are multiple non-compliant ones. You can trigger a remediation policy that will append monitoring to those resources.
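The audit and enforce kinds described above can share one policy rule and differ only in the effect it applies. The definition below is an added example, not taken from the original deck: it requires a tag on resource groups, and the tag requirement and the parameter names tagName and effect are assumptions chosen for illustration.

```json
{
  "properties": {
    "displayName": "Example: require a tag on resource groups",
    "description": "Constructed example, not from the original deck. The tagName and effect parameters are illustrative.",
    "mode": "All",
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": {
          "displayName": "Tag name",
          "description": "Tag that every resource group must carry"
        }
      },
      "effect": {
        "type": "String",
        "allowedValues": [ "Audit", "Deny", "Disabled" ],
        "defaultValue": "Audit",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit only reports non-compliance; Deny rejects the request"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          },
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "false"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assigning this with the default Audit effect surfaces untagged resource groups in the compliance view without blocking anyone; changing the assignment parameter to Deny turns the same rule into a guardrail. The remediation kind uses effects such as modify or deployIfNotExists together with a remediation task.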
https://www.weave.works/technologies/gitops/
Here’s a conceptual overview of Azure Monitor. From left to right:
Azure Monitor captures monitoring telemetry from a number of sources. Some of these are Azure specific but others are generic – such as app and OS information from VMs. In addition, you can also inject data from custom sources.
The telemetry is stored in metrics and logs stores that are centralized, fully managed and optimized for cost and performance.
With all the data in one place, Azure Monitor provides a number of value-adds on top of it.
You can get the end-to-end insights that we discussed earlier. It could be for canonical use cases for monitoring applications, containers, VMs or networks. In addition, we have a range of monitoring solutions, such as SQL analytics, for specialized workloads. The idea here is that as a customer, for most of your use cases, you get out-of-the-box monitoring and diagnostics with little to no instrumentation.
Alternatively, you can choose to