Azure Arc: Redmond's tool to wrangle services wherever they are – on-premises, cloud, your basement, in the pub...

Plus summary of everything else announced at Windows titan's Florida shindig

Ignite Microsoft has announced Azure Arc, which extends the Azure management portal to embrace services running on-premises or on other clouds.

“Extend Azure management and security to any infrastructure,” says the announcement, but this bold claim overstates what has been made available in preview.

There are currently two parts to Azure Arc. One is the ability to add Windows or Linux servers to the Azure Resource Manager, wherever they are running, including on-premises, or on other clouds such as Amazon Web Services (AWS) or Google Cloud Platform (GCP). This is agent based, so you can perform operations on the servers, via the Azure portal or scripting, but not on the hosting environment.

This means that you can deploy applications or manage patches and updates, but actions such as creating, deleting or resizing VMs are not available through Azure, according to Microsoft staff here at the tech goliath's Ignite conference in Florida, USA. That said, Azure Corporate VP Julia White said that “We’re working with VMware specifically to make sure there’s a good integration experience,” raising the possibility of a deeper integration. It is a major limitation though.

Azure Arc lets you extend Azure management to a hybrid or multi-cloud environment

Azure Arc lets you extend Azure management to a hybrid or multi-cloud environment ... Source: Microsoft

You can also add Kubernetes (K8s) clusters. It is a similar story; you can use the K8s API to orchestrate containers but you cannot carry out infrastructure actions such as scaling the cluster.

This means that it is not equivalent to the management available for Azure Kubernetes Service (AKS). If the K8s open source community agrees a common API for scaling clusters, then Azure could in future use it, but Microsoft does not want to depend on third-party APIs.

The second part of Arc is the ability to deploy and manage Azure SQL database or Azure PostgreSQL on any K8s cluster, whether on premises or on other public clouds. In this case you do have the ability to do scaling, monitoring, updates, backups and diagnostics.

Currently no other Azure services are supported, but in future it might make sense to add further services such as Azure App Service, for running web applications, or Azure Functions for serverless applications.

Microsoft’s intent is to allow developers to use the Azure model but with more flexibility about where an application is deployed. “If you’ve written an application for Azure SQL database, for example, you can run that application in multiple places,” said White. She also said that scaling Azure data services could include bursting up to Azure itself when needed.

The new Project integrates with Power BI for progress visualisation

Microsoft welcomes ancient Project app to the 365 family, meaning bleak future for on-prem


Another key aspect is security and compliance. You can apply Azure policies and role-based access control to Azure Arc services, subject only to the limitations mentioned above, that this applies to what can be done through server agents or through the K8s API. All the data security available through Azure SQL or PostgreSQL can be used.

“The core of Azure Arc is taking the capabilities of Azure Resource Manager and enabling that to stretch into a datacenter, into other clouds, and onto edge devices,” said White.

The billing model for Azure Arc has not yet been announced, though White indicated that it would follow a similar pattern to that for Azure Stack, where services are discounted versus Azure equivalents to allow for the fact that the customer is responsible for the infrastructure.

Azure Arc is perhaps an indication of Microsoft’s intention to extend the reach of its cloud model so that Microsoft platform resources look more like Azure resources wherever they happen to be running, and to extend the scope of subscription-based billing. In its current form though, it is a long distance away from the concept of managing multi-cloud environments via Azure. ®

Speaking of Microsoft Ignite... here's a quick summary of everything else noteworthy announced so far at this week's conference, which kicked off on Monday:

  • Visual Studio Online is now available as a public preview – and preview 3 of Visual Studio 2019 version 16.4 and Visual Studio 2019 for Mac version 8.4 Preview 2 are also available for download. Furthermore, Visual Studio 2019 IDE features for connecting to cloud environments are in private preview: ask nicely for access.
  • To provide folks with more powerful and interesting ways to query large amounts of data, Microsoft has rolled out something called Azure Synapse Analytics.
  • A load of new features for Redmond's Power Platform were announced, including Virtual Agents aka a no-code or low-code framework for developing chat bots for support desks and the like. There's also an extra bunch of pre-built models in AI Builder. Microsoft Flow has been renamed to UI flows within Power Automate, which allows users to, you guessed it, automate tasks by recording and playing back desktop actions.
  • And further along the lines of AI, Microsoft 365 is powering up something called Project Cortex, a machine-learning-based tool that reorganizes your data into piles of related stuff.
  • For those concerned about security and authentication, the Windows giant has emitted a shed load of updates on this front, from an insider risk management tool to Azure Firewall Manager now in preview.
  • Microsoft is teasing a new iOS and Android mobile Office app, and allowed Cortana to read out your emails from Outlook on Apple devices.
  • We're told Yammer has been "completely redesigned," and Microsoft 365's Search has been improved. A release candidate for the Chromium-flavored Edge is available to download. Plus a wad of other bits and bytes: our vultures at Ignite will go into greater depth over the course of the week.

Similar topics

Other stories you might like

  • NASA's InSight doomed as Mars dust coats solar panels
    The little lander that couldn't (any longer)

    The Martian InSight lander will no longer be able to function within months as dust continues to pile up on its solar panels, starving it of energy, NASA reported on Tuesday.

    Launched from Earth in 2018, the six-metre-wide machine's mission was sent to study the Red Planet below its surface. InSight is armed with a range of instruments, including a robotic arm, seismometer, and a soil temperature sensor. Astronomers figured the data would help them understand how the rocky cores of planets in the Solar System formed and evolved over time.

    "InSight has transformed our understanding of the interiors of rocky planets and set the stage for future missions," Lori Glaze, director of NASA's Planetary Science Division, said in a statement. "We can apply what we've learned about Mars' inner structure to Earth, the Moon, Venus, and even rocky planets in other solar systems."

    Continue reading
  • The ‘substantial contributions’ Intel has promised to boost RISC-V adoption
    With the benefit of maybe revitalizing the x86 giant’s foundry business

    Analysis Here's something that would have seemed outlandish only a few years ago: to help fuel Intel's future growth, the x86 giant has vowed to do what it can to make the open-source RISC-V ISA worthy of widespread adoption.

    In a presentation, an Intel representative shared some details of how the chipmaker plans to contribute to RISC-V as part of its bet that the instruction set architecture will fuel growth for its revitalized contract chip manufacturing business.

    While Intel invested in RISC-V chip designer SiFive in 2018, the semiconductor titan's intentions with RISC-V evolved last year when it revealed that the contract manufacturing business key to its comeback, Intel Foundry Services, would be willing to make chips compatible with x86, Arm, and RISC-V ISAs. The chipmaker then announced in February it joined RISC-V International, the ISA's governing body, and launched a $1 billion innovation fund that will support chip designers, including those making RISC-V components.

    Continue reading
  • FBI warns of North Korean cyberspies posing as foreign IT workers
    Looking for tech talent? Kim Jong-un's friendly freelancers, at your service

    Pay close attention to that resume before offering that work contract.

    The FBI, in a joint advisory with the US government Departments of State and Treasury, has warned that North Korea's cyberspies are posing as non-North-Korean IT workers to bag Western jobs to advance Kim Jong-un's nefarious pursuits.

    In guidance [PDF] issued this week, the Feds warned that these techies often use fake IDs and other documents to pose as non-North-Korean nationals to gain freelance employment in North America, Europe, and east Asia. Additionally, North Korean IT workers may accept foreign contracts and then outsource those projects to non-North-Korean folks.

    Continue reading
  • Google opens the pod doors on Bay View campus
    A futuristic design won't make people want to come back – just ask Apple

    After nearly a decade of planning and five years of construction, Google is cutting the ribbon on its Bay View campus, the first that Google itself designed.

    The Bay View campus in Mountain View – slated to open this week – consists of two office buildings (one of which, Charleston East, is still under construction), 20 acres of open space, a 1,000-person event center and 240 short-term accommodations for Google employees. The search giant said the buildings at Bay View total 1.1 million square feet. For reference, that's less than half the size of Apple's spaceship. 

    The roofs on the two main buildings, which look like pavilions roofed in sails, were designed that way for a purpose: They're a network of 90,000 scale-like solar panels nicknamed "dragonscales" for their layout and shimmer. By scaling the tiles, Google said the design minimises damage from wind, rain and snow, and the sloped pavilion-like roof improves solar capture by adding additional curves in the roof. 

    Continue reading
  • Pentester pops open Tesla Model 3 using low-cost Bluetooth module
    Anything that uses proximity-based BLE is vulnerable, claim researchers

    Tesla Model 3 and Y owners, beware: the passive entry feature on your vehicle could potentially be hoodwinked by a relay attack, leading to the theft of the flash motor.

    Discovered and demonstrated by researchers at NCC Group, the technique involves relaying the Bluetooth Low Energy (BLE) signals from a smartphone that has been paired with a Tesla back to the vehicle. Far from simply unlocking the door, this hack lets a miscreant start the car and drive away, too.

    Essentially, what happens is this: the paired smartphone should be physically close by the Tesla to unlock it. NCC's technique involves one gadget near the paired phone, and another gadget near the car. The phone-side gadget relays signals from the phone to the car-side gadget, which forwards them to the vehicle to unlock and start it. This shouldn't normally happen because the phone and car are so far apart. The car has a defense mechanism – based on measuring transmission latency to detect that a paired device is too far away – that ideally prevents relayed signals from working, though this can be defeated by simply cutting the latency of the relay process.

    Continue reading
  • Google assuring open-source code to secure software supply chains
    Java and Python packages are the first on the list

    Google has a plan — and a new product plus a partnership with developer-focused security shop Snyk — that attempts to make it easier for enterprises to secure their open source software dependencies.

    The new service, announced today at the Google Cloud Security Summit, is called Assured Open Source Software. We're told it will initially focus on some Java and Python packages that Google's own developers prioritize in their workflows. 

    These two programming languages have "particularly high-risk profiles," Google Cloud Cloud VP and GM Sunil Potti said in response to The Register's questions. "Remember Log4j?" Yes, quite vividly.

    Continue reading
  • Rocket Lab is taking NASA's CAPSTONE to the Moon
    Mission to lunar orbit is further than any Photon satellite bus has gone before

    Rocket Lab has taken delivery of NASA's CAPSTONE spacecraft at its New Zealand launch pad ahead of a mission to the Moon.

    It's been quite a journey for CAPSTONE [Cislunar Autonomous Positioning System Technology Operations and Navigation Experiment], which was originally supposed to launch from Rocket Lab's US launchpad at Wallops Island in Virginia.

    The pad, Launch Complex 2, has been completed for a while now. However, delays in certifying Rocket Lab's Autonomous Flight Termination System (AFTS) pushed the move to Launch Complex 1 in Mahia, New Zealand.

    Continue reading
  • Alibaba Cloud adds third datacenter in Germany
    More Euro-presence than any other Chinese company, but still nowhere near Google or AWS

    Alibaba has pulled ahead of its Chinese rivals in Europe with the opening of a third datacenter in Germany.

    The company said the Frankfurt datacenter serves cloud computing products to Europe and "adheres to the highest security standards and the strict compliance regulations set out in the Cloud Computing Compliance Controls Catalog (C5) in Germany."

    The addition brings Alibaba Cloud to a network of 84 availability zones in 27 regions worldwide. The company's first European cloud center arrived in Frankfurt in 2016.

    Continue reading

Biting the hand that feeds IT © 1998–2022