Introduction to Azure Arc landing zone accelerator for hybrid and multicloud
Enterprises are currently building and running applications across various ecosystems on-premises, in multiple public clouds, and on the edge. When you're working in these distributed environments, it's critical that you find a way to ensure compliance and manage servers, applications, and data at scale while still maintaining agility.
Azure landing zones provides: A specific architectural approach. Reference architecture. Set of reference implementations that help you prepare your landing zones for mission-critical technology platforms and supported workloads.
For more information on the design areas labeled A-I in the visual, see environment design areas.
Azure landing zones were designed with hybrid and multicloud in mind. To support hybrid and multicloud, the reference architecture requires two additions:
- Hybrid and multicloud connectivity: Understand key network design considerations and recommendations for working with Azure Arc.
- Unified operations: Include Azure Arc-enabled resources to extend your governance and operations support with consistent tooling.
Why hybrid?
As organizations adopt modern cloud services and the associated benefits, periods of running services parallel alongside the legacy on-premises infrastructure are inevitable. As your organization further evaluates cloud services or as business requirements dictate, your team might choose to run more than one public cloud service. Operating a distributed heterogeneous estate requires simplified, consolidated management and governance to reduce operational impact.
Use landing zone concepts introduced as part of the Cloud Adoption Framework guidance to establish patterns for building hybrid architectures and introducing standards for connectivity, governance, and monitoring. This work helps when your strategic intent is to simplify and combine the infrastructure and services following migration projects. Setting standards for management processes and tools removes the need to retrofit workloads after you move them into Azure.
Prerequisites
It's beneficial to have familiarity with the Azure landing zones. For more information, see the Azure landing zones overview and Azure landing zones implementation guidance.
Azure provides various management tools to help you monitor and govern infrastructure and applications at scale. When implementing a hybrid landing zone, be sure to extend the Azure tools to control infrastructure and applications outside of Azure. This approach creates a single management plane and a single view of your entire hybrid estate, which makes monitoring and management at scale as straightforward as possible.
Azure Arc-enabled servers design guidelines
Azure Arc simplifies governance and management by providing a consistent multicloud and on-premises management platform. Azure Arc lets you manage your entire environment with a single pane of glass by projecting your existing resources into Azure Resource Manager.
CDA | Description |
---|---|
Identity and access management | Best practices for access control design to secure your hybrid resources as you use Azure Arc to centrally manage them. |
Network topology and connectivity | Design considerations for working with Azure Arc-enabled servers and information explaining how you can securely connect them to your enterprise-scale landing zone. |
Resource organization | Best practices for resource consistency and tagging strategy, including for your hybrid and multicloud resources. |
Governance and security disciplines | The Cloud Adoption Framework's enterprise-scale landing zone architecture includes patterns for standardizing your deployment of Azure Policy and role-based access control (RBAC) through the structured use of management groups that segment resources into logical groupings. You can extend these patterns with technologies like Azure Arc. |
Management disciplines | Use Azure Arc to extend Azure management services to other environments like on-premises and other cloud platforms. Enterprise-scale provides guidance for operationally maintaining Azure Arc-enabled servers on Azure enterprise estate with centralized management and monitoring at the platform level. |
Automation disciplines | Azure Arc helps you manage your digital state hosted outside of Azure using the same level of experience and automation you'd have for a native Azure resource. Plan to use automation as much as possible for agent onboarding, lifecycle management, and expanding your Azure control plane capabilities through Azure Arc. |
Cost governance | Use budgets, cost allocation, and chargebacks to keep track of ungoverned and unmonitored resources preventing you from increasing financial accountability. |
Azure Arc-enabled Kubernetes design guidelines
The design guidelines provide recommendations for the critical decisions that drive the design of the Cloud Adoption Framework for Azure landing zone in a hybrid multicloud environment. Consider the following critical design areas for your Azure landing zone implementation when working with Azure Arc-enabled Kubernetes:
CDA | Description |
---|---|
Identity and access management | Best practices for right access controls design to secure hybrid Kubernetes cluster resources as they're centrally managed from Azure using Azure Arc-enabled Kubernetes. |
Network topology and connectivity | Design considerations when working with Azure Arc-enabled Kubernetes and how to securely connect them to your Azure landing zone. |
Resource organization | Best practices for resource consistency and tagging strategy that includes your hybrid and multicloud Azure Arc-enabled Kubernetes cluster resources. |
Governance and security disciplines | The Cloud Adoption Framework's Azure landing zone architecture includes patterns for standardizing the deployment of Azure Policy and role-based access control (RBAC). You standardize deployment through the structured use of management groups to segment resources into logical groupings. Extend these patterns by using technologies such as Azure Arc-enabled Kubernetes. |
Management disciplines | Similar to governance techniques, you can extend Azure management services to other environments, such as on-premises and other cloud platforms through Azure Arc. Azure landing zone provides guidance on operationally maintaining and operating Azure Arc-enabled Kubernetes cluster resources on Azure enterprise estate, with centralized management and monitoring at the platform level. |
Automation disciplines | Azure Arc lets organizations manage their digital state hosted outside of Azure with the same level of experience and automation as a native Azure resource. As part of your Azure landing zone implementation, plan to use automation as much as possible. Opportunities for automation include cluster onboarding, agent and extensions lifecycle, and expanding Azure control plane capabilities for Azure Arc-enabled Kubernetes cluster resources. |
Extensions management | Best practices for managing Azure Arc-enabled Kubernetes cluster extensions that support expanding Azure control plane capabilities for Azure Arc-enabled Kubernetes resources. |
CI/CD and GitOps disciplines disciplines | As a cloud-native construct, Kubernetes requires a cloud-native approach to deployment and operations. Learn key CI/CD and GitOps disciplines in your hybrid and multicloud environment using Azure Arc-enabled Kubernetes cluster resources. |
Services observability | Service observability is important. It helps you understand performance issues that occur with distributed and cloud systems that are based on dynamic architectures. Learn about design services observability patterns in a hybrid and multicloud environment with Azure Arc-enabled Kubernetes cluster resources. |
Cost governance | Keep track of ungoverned and unmonitored resources that prevent you from increasing accountability with budgets, cost allocation, and chargebacks for Azure Arc-enabled Kubernetes cluster resources. |
Azure Arc-enabled SQL Managed Instance design guidelines
The design guidelines provide recommendations for critical decisions that drive the design of the Cloud Adoption Framework for Azure landing zone in a hybrid multicloud environment. Consider the following critical design areas for your Azure landing zone implementation, when working with Azure Arc-enabled SQL Managed Instance:
CDA | Description |
---|---|
Identity and access management | Design considerations and best practices for right access controls design to secure Azure Arc-enabled SQL Managed Instance and Data Controller resources. |
Network topology and connectivity | Design considerations and best practices when working with Azure Arc-enabled SQL Managed Instance and how to securely connect them to your Azure landing zone. |
Storage disciplines | Design considerations and best practices for choosing the right storage architecture when working with Azure Arc-enabled SQL Managed Instance. |
Resource organization | Design considerations and best practices for resource consistency and tagging strategy that includes your hybrid and multicloud Azure Arc-enabled data services resources. |
Governance and security disciplines | The Cloud Adoption Framework's Azure landing zone architecture includes patterns for standardizing the deployment of Azure Policy and role-based access control (RBAC). Standardize deployment through the structured use of management groups to segment resources into logical groupings. Extend the patterns by using technologies such as Azure Arc-enabled SQL Managed Instance. |
Management disciplines | Similar to governance techniques, you can extend Azure management services out to other environments, such as on-premises and other cloud platforms through Azure Arc. Azure landing zone provides guidance on operationally maintaining and operating Azure Arc-enabled data services resources. Manage Azure Arc-enabled data services resources on Azure enterprise estate, with centralized management and monitoring at the platform level. |
Business continuity and disaster recovery | Design considerations and best practices on designing a highly available, disaster recovery-ready architecture to support Azure Arc-enabled SQL Managed Instance business continuity in the enterprise. |
Upgradeability disciplines | Design considerations and best practices for configuring and managing the upgrade process on your Azure Arc-enabled SQL Managed Instance. |
Cost governance | Keep track of ungoverned and unmonitored resources that prevent you from increasing accountability with budgets, cost allocation, and chargebacks for Azure Arc-enabled SQL Managed Instance resources. |
Next steps
For more information about your hybrid and multicloud cloud journey, review the following resources:
- Understand how to design the right access controls to secure hybrid environments.
- Review the Network topology and connectivity for Azure Arc-enabled servers requirements.
- Understand how to manage hybrid and multicloud environments.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for