Innovate on your terms using Azure Arc to bring cloud-native technologies anywhere | BRK13
thank you hello everyone and welcome I'm Jeremy winter corporate vice president of azure Cloud native and hybrid and let me just say I'm thrilled to be here with you again at ignite today I'm here to talk about the progress we've made to enable you to take advantage of core Azure capabilities across your different environments we have a great session planned for you with some exciting announcements customer showcases and demos so so hey let's get rolling to set the context very few businesses I engage with day to day enjoy the luxury of being 100 born in the cloud the reality for most companies is that it Investments grow organically to meet various business needs over time while every business has a different Innovation path there are common patterns for just about every customer I talk to for instance many are working to launch digital products that deliver customer value faster and generate Revenue through new business models others want to find ways to treat all their data as strategic asset wherever it is and turn it into new products and services I also see that your developers are looking for ways to build new systems faster and to run without location constraints and with every operations team looking for ways to meet an evolving regulatory requirements and manage the risks through better security and governance and finally many conversations include a discussion on how technology can help improve management of existing facilities and assets look we're witnessing new technology paradigms emerge in every industry pushing the boundaries from AI to Smart cities to transforming agriculture production amplifying patterns that run across cloud and Edge simultaneously and according to IDC there will be nearly 55 billion connected devices worldwide by 2025 generating 80 zettabytes of data it's it's just an incredible time to see technology and digital transformation goals underpinning what I view as the next Industrial Revolution I'm also sure we can all imagine the demands of meeting the needs of the expanding environments we know the pressure that these expectations put on our developers our Architects and our it pros and it can be very overwhelming especially given the complexity of the wide variety of systems in a wide variety of places that you are all dealing with every day it's key that we look at mechanism mechanisms to simplify this down and at Microsoft our job is to make it simpler for businesses to bring together people processes data and drive forward business value that's why azure's ambition is to be the world's computer The Trusted ubiquitous Cloud platform from Cloud to Edge all organizations and all workloads with Azure we offer the most complete set of tools and services to help developers and operations go quickly and safely from idea to code code to cloud and Cloud to the world to support your critical database workloads you can adapt in real time add layers of intelligence to Applications unlock fast and predictive insights and govern your data wherever it resides you can run your applications whether they are new Cloud native Solutions or business critical applications you've relied on for years with confidence on Azure and as you expand your services and applications you could take advantage of the unmatched security identity and governance for state-of-the-art cyber security risk mitigation and ProActive policy-based Management and we want to meet you where you are so you're able to compose your own consistent and comprehensive Computing fabric blending your own Enterprise and operational Edge Investments with the Azure Global infrastructure so that you can use the best that Azure has to offer across all these environments look let's get into our Cloud to Edge Story a bit deeper first our goal with Azure is to help you use the great Azure tooling services and security where you need it we want to help you invest in the future in Cloud native Technologies and practices without worrying that you're ignoring existing assets or your future Investments Azure has 60 plus public Cloud regions so you can deploy your workloads globally yet we recognize the mix of environments that are in play today such as traditional Linux and Windows Server Farms within local data centers retail spaces and Manufacturing floors that continue to run often on our partners like nutanix and VMware and light edge Solutions continue to grow power in a network of smart devices and private 5G for commercial and Industrial facilities so whether you want to be fully on the cloud or on premises deploying hybrid Solutions or iot devices on the edge Azure is there as a partner with you to help you meet your business goals now as we evolve the platform we're enabling the same operational model from the Azure Cloud to the edge and this is where our Azure art comes in Azure Arc is a bridge that extends the Azure platform to help you build applications with the flexibility to run across the data centers at the edge and in multi-cloud environments Azure Arc provides a consistent development and consistent operations and consistent security model for both new and existing applications you use the same tools the same security and governance technologies that you use in public Azure to create and manage application resources anywhere a subset of the Azure services for application data and AI are there to use on both new and existing hardware virtualization kubernetes platforms iot devices and Integrated Systems as a developer you can focus on building and shipping applications with an end-to-end development experience and it teams have the tools they need to manage the application and databases at scale look we're incredibly proud to see our customers adopting Azure Arc we have over 8 000 customers that have deployed Azure Arc in a diverse set of scenarios we are so grateful for the support and the feedback we hear from you and our promises to you is to continue to provide you the flexibility you need all the while investing with you as a partner together to highlight a few customers further I'm just thrilled to share that Wells Fargo one of the largest financial institutions in the world is using Azure Arc to serve their millions of customers they are using Azure kubernetes service also known as AKs to enable a common orchestration layer across their kubernetes-based applications but Wells Fargo also has apps that can't run in the public cloud now they are extending AKs to run the same fully managed AKs in their data centers around the world for applications that need to stay on-prem using Azure Arc as a bridge between the public cloud and the on-premises environments Wells Fargo can have the same experience managing AKs clusters in Azure in their data center or at the edge and by investing in AKs they were able to take those same skills built from the cloud offering back on premises their on-premises AKs clusters are always connected to Azure through Azure Arc to deliver a seamless and consistent and at scale managed kubernetes experience Siemens Health veneers is another great example of a customer with a large base of existing applications going through modernization with Azure Siemens healthineers enables Healthcare Providers to digitize their health care they provide medical imaging devices like x-rays ultrasounds scanners all through digital Health platforms that reach over 5 million patients worldwide daily Siemens chose Azure Arc to deploy new applications to their medical scanners and other medical equipment across the globe now when the pandemic hit Siemens created a new application to help detect kova 19. they leveraged Azure Arc to distribute this new application to thousands of medical devices at scale and across the globe with seamless management and security for their entire estate and our next customer is one you all know the iconic green and yellow John Deere tractors that are so familiar in the sites of fields around the world with A well-stocked technology portfolio that spans Cloud platforms on-premises data centers and Edge devices at factories John Deere's modernization strategy makes the most of its assets while cultivating a path for the future together with Azure Arc enabled SQL managed instance John Deere helps connect the dots across all these environments and puts the power of the cloud to work in the company's existing infrastructure the result a unified view of operations across platforms that pivots on Azure Arc helping John Deere to optimize manufacturing operations so as you can see customers across different Industries are enjoying real world benefits to better serve their customers and meet various business goals let's look deeper at Azure Arc and how kubernetes fits into our strategy Cloud innovation has radically changed the way applications are designed and operated and it's clear from the conversations I'm having with customers including many of you that the app of the future is cloud native and as Cloud native becomes the prevailing mindset kubernetes has become synonymous with Cloud native methods as customers like yourself bet on containers for operational efficiency security and abstraction layers with the Azure kubernetes service we've made it easy for you to take advantage of several kubernetes best practices like pre-configured templates Enterprise security and policy as well as Integrations with both GitHub and visual studio code to meet you where you are we need to ensure we're simplifying how you build Cloud native applications that are portable and this needs to be more than just packaging and shipping code you need the cloud services plus the container infrastructure coupled with the devops practices and tooling and with Azure Arc enabled kubernetes whether it's AKs or third-party kubernetes Solutions like Rancher or openshift Azure Arc works with them all you can build custom container-based applications on any platform with reduced complexity and flexibility of Choice by leveraging Azure Arc now we recognize that it can be a challenge managing the deployment of these apps and databases across environments to help here Azure Arc leverages git Ops and policy driven deployments so you can get a consistent experience at scale now we have a ton of solutions already available and we're continuously iterating with the new capabilities as we go today I'm announcing that we are expanding Azure hybrid benefit to include AKs so that you can deploy AKs on Azure stack HCI and Windows server at no additional cost and for Windows Server software Assurance customers you can deploy and manage Linux and windows applications in your data centers with a consistent managed kubernetes service we're also bringing new hybrid deployment options to AKs enabled by Arc to deploy AKs on Windows devices and windows iot I'm also excited to announce the preview of Mariner Linux as a container host for AKs with Mariner Linux you have the advantage of consistency across cloud and Edge with a full end-to-end optimization of Linux on AKs and lastly we're bringing more cost savings to you for your hybrid kubernetes workloads Azure policy is now available for one year for Arc enabled kubernetes including APS clusters at no additional cost now to show all this in action I'm really excited to bring Jane lead product manager of azure Arc to walk us through a demo that includes many of these new announcements in Azure including the power of get Ops across the environment thanks Jeremy really excited to be here as you know I Azure kubernetes service offers a simple to develop and deploy Cloud native apps in Azure it comes with built-in capabilities like cluster configuration monitoring policy and security AKs has been available in Azure for a few years now and we're extending deployment options to our new hybrid environment targeting Windows iot Azure stack HDI and Windows server in this demo we will show you how a global supermarket chain is leveraging this new hybrid model for their software development in Azure and production deployment at the edge let's start in the Azure portal contoso have two type of AKs clusters first one is deployed in Azure that is used for software development and test the second cluster is deployed on top of Windows 11 iot running on a physical small footprint machine in their store it is also Arc enabled so it can be managed from Azure in this demo we'll focus on the consistency of software deployment using git Ops let's review the current application deployment on the left we have the application is deployed on the AKs in azure it is discoverable by a public IP address on the right the same application is deployed on the cluster hosted on Windows iot located in the store in this production environment the application has store cameras integration discoverable via private IP address contoso requires regular software updates with new products to do that a new version of the application needs to be implemented tested and deployed to the production AKs cluster on Windows iot we'll take a closer look at the git Ops configuration for both AKs clusters by using the same configuration at the same GitHub repository contoso can deploy their application on both clusters in a consistent approach let's take a look at the GitHub configuration starting with the AKs cluster in Azure it is pointing to a GitHub repository where the applications kubernetes manifest files are located switching to the production AKs cluster we can see the same git Ops configuration pointing to the same GitHub repository assuring software rollout will be consistent let's move over to look at the AKs nose details on top we can see the AKs cluster nodes in Azure and at the bottom The Arc enabled AKs single node cluster on Windows iot zooming in on the underlying image for the nose for both clusters it is running Mariner CBR operating system which is open source Linux distribution created by Microsoft this is now available for preview as the AKs container hosts to support the new toy business we need to roll out a new version of the contoso application to see this in action we'll first monitor the contoso Po's namespace and the deployed Parts on both clusters so we can witness the update in real time to start the rollout process let's hop over to the visual studio code first we can see the local branch is pointing to the github's configuration remote Branch URL now let's review the two kubernetes manifest files we have the first ml file is describing the development version that is deployed on the Azure AKs and we can see the camera integration and the new toys category are currently set to false on the second yaml file describing the production version deployed on the AKs in the store we can see that the camera integration is set to true and the new toys category is set to false to test the new toy category and the update application interface will first enable the new category for the development AKs cluster this will allow contoso to validate the new categories added and the updated interface is working so let's go ahead and commit and push the changes to the GitHub repository we can see that the new application part is deploying and the old one gets terminated by refreshing our browser we can see the application interface has changed and the new toy category was added great now the contoso validate the new application interface is working and the new tweak category was added to their AKs development environment it's time to roll out the change to the production environment in the second yaml file describing the production version we can enable the new category since this is a production version that is deployed in the store will leave the camera integration enabled again let's commit and push the update to the GitHub repository as expected we can see the behavior of the rollout happening instantly on the production AKs cluster by refreshing the browser we can see the new version with camera integration now available in the store this side-by-side view shows how contoso were able to test and deploy the same point of sale application on two different AKs deployment across the cloud in the edge to learn more about our AKs hybrid deployment check out the ak.ms Slash aks-hybrid back to you Jeremy thank you thanks Jane it was great to see AKs deployed in production both in Azure and within retail stores and as always I really appreciate your time now before I introduce our guest speaker from Millennium BCP let's take a look at a short video Millennium BCP was founded roughly in 1985 we always use technology in smart ways to help and assist our customers with better products and services today we have operations across Portugal Poland Mozambique Macau we have over 6 million of clients 60 percent are digital the financial industry has a lot of very strict regulations that we need to follow we have 300 to 400 virtual machines running most of them were workloads moved from the cloud but everything that provides services to the digital app is running on containers on cloud the main thing for us in the usage of azure Arts enabled kubernetes is that nowadays developing themes don't need to worry at all about in which infrastructure they're going to run their applications because Asia Arc actually makes it super easy our typical Arc deployment pivots around get UPS to deploy configurations and applications Azure policy because if there's one thing that we need to ensure is that security and compliance is in place also Azure monitor because that gives us a baseline for alerting and monitoring that we can rely upon what used to take us months to do now we do it in days tools like Azure kubernetes and Azure work will continue to buy a key role in this journey we are building the future today hey as you saw Millennium BCP is doing some amazing things with Azure Arc enabled kubernetes they're the largest banking provider in Portugal and I'm excited to introduce Nuno from Millennium BCP to share his journey with us Nuno thank you so much for joining me here at ignite thank you for having me perfect so Nuno tell me a bit about Millennium bcp's cloud and kubernetes journey sure so basically we started using Azure five years ago and with focus on a more structured Cloud adoption strategy I'd say around three years ago with an internal Cloud Center directions doing Greenfield approaches to quickly realize value and build new ways of working more than just deploying Technologies I'd say the focus has always been on changing the way we do I.T partnering with some leading Enterprise partners and open source initiatives to really design what we think are best of these Solutions this has led us to a service model where we now support five regions across Europe from multiple Cloud providers and and we see on-prem for instance as just another cloud provider with a few thousand Services running primarily in containers ranging from things like transactional middleware and business processes to maintain mostly within AI that's fantastic to hear Nuno so let's talk a little bit more about this kubernetes for a bit why did Millennium BCP choose Azure Arc enabled kubernetes and what role has it played in building better experiences for the millions of millennial BCP customers that you have we have identified a set of veterans and technologies that we wanted to onboard doing this road trip that that we're having towards the clouds things like githubs and opa policies for instance was we wanted to find the part of them to help us accelerate that option and share the load of running these components at an Enterprise level and I think we found that partner in Microsoft with Azure Arc enable kubernetes with the Azure Arc extensions for kubernetes we easily extended our internal processes and automations to include these components while relying on Microsoft to manage the actual component life cycle this allows this allowed us to Focus I'd say on designing how our applications should be deployed monitored scaled meaning that instead of having a larger of people focus on running the business now we primarily focus on building the business moving from things like processary static yearly deployment calendar to continuous deployment patterns and focusing on rapidly creating things such as new digital banking services for our customers that's cool that's really cool with the strict regulations in the banking sector just how does Azure Arc help you achieve your security and compliance goals for your hybrid deployments that's a very good question Jeremy because the way we see it security and compliance starts with things like validated workflow patterns and correct visibility and Azure Arc is crucial to this in many of our communities across assurances most users have little or no direct access to the kubernetes API so any change to a workload this describes in a Azure devops report and then implemented using githubs on these Azure Arc enabled clusters by using the this process we are automatically enforcing things like additional patterns defined by specialized roles such as gasres or secops people that ensure that no gaps and design or configuration were left in by draft teams for instance we also ensure that entire cluster configuration is kept current and available outside the cluster facilitating service continuity scenarios and and service migration scenarios for instance and additionally we use Azure policy on these Arc enabled clusters to enforce a large list of built-in and custom policies across the cluster and ensure workloads running are safe and properly configured exposing in Azure policy and in compliance Gap that may occur so that the right people may address it wherever the cluster may be running and I said finally we also have Azure monitor we use it to ensure that we have a baseline monitoring configuration in all clusters so that we can react on time to close our health issues look it's great to hear that Azure Arc helps provide a secure experience to you and your customers and enables Millennium BCP to protect you know all those digital assets you know as I think about it can you tell me more about the benefits that you're realizing across your organization sure I think with pressure R we see people focusing on using their skill set to create reality you know for instance their teams focus on living room features to customers and infrastructure teams focus on enabling new application patterns as a result we see our Innovation guidance increasing even more with those and internal I.T products as well as customer oriented features maturing at a much faster Pace Azure Arc has enabled the level of Automation and Agility I say throughout the applications lifecycle that now allows us to go for instance from whiteboard to production in days instead of weeks or months well ensuring the right concerns are properly addressed and on the other hand it teams have an unprecedented level of visibility and understanding allowing them to be a lot more efficient in their daily work and have still time and energy to continue implementing RIT Innovation world map yeah look you know I think that's awesome that the teams are being able to get more efficient and you're able to see them apply it elsewhere in the business so look just I thank you so much for your time today I really appreciate your partnership looking forward to seeing all the great things we can continue to do together so thank you so much thank you now Millennium BCP is not an exception here especially when it comes to protecting and harnessing Insight of their customers data data is an organization's most strategic and valuable asset we also recognize that data is often a critical component to your applications there will be times be it for proximity performance or regulatory reasons that you need data to reside locally at the edge and according to Gartner's predict 2022 report 90 of existing data management tools and platforms that fail to support multi-cloud and hybrid capabilities will be set for decommissioning through 2026.
look we want to make sure that customers have a modular flexible end-to-end architecture to support growing data requirements and Azure data services is certainly one that you will want to use to innovate with with Azure Arc you can use critical data services such as SQL and postgresql as Cloud native services in your own environment all are generally available today for you to get started with you can also use Azure machine learning Services which are Arc enabled for use in your factory floor operating room and Retail Store to train score and inference your machine learning models right where the data lives and with Azure Arc enabled SQL managed instance you get a fully managed up-to-date platform as a service next let's talk about security at Microsoft security is at the heart of everything we do we invest over a billion dollars annually in security and employ thousands of Engineers to ensure our software and services are secure and this includes azure with Azure Arc we bring the latest Azure security and governance services and azure-centric practices to distributed environments so that you can use the state of art threat detection response and analytics you can protect all your applications whether they're running on VMS containers or paths and easily adapt through Dynamic visibility for compliance and audit and you can also Foster collaboration between teams through shared tools today you have access to a comprehensive set of tools and services such as Microsoft Defender for cloud Azure policy Azure Monitor and Microsoft purview I am excited to share some new announcements with Azure Arc to secure manage and govern your resources let's start with Azure Auto manage which is a service that simplifies configuration and management of servers with automated operations we're pleased to announce that this is now generally available for all Azure VMS and Arc enabled servers I'm also excited to announce as part of our expanding support of azure Services through Azure Arc that Azure update Management Center is now in preview this will simplify onboarding and enhance Integrations with Azure for updates and Patch management for your resources anywhere with these announcements I want to introduce Brandon from the auto manage product crew to run us through how to get started with the new capabilities available Brandon the floor is all yours thanks Jeremy hello everyone as you probably know Azure offers an amazing array of it Management Solutions which are extremely powerful and popular individually they're all pretty easy to set up however onboarding many of these different solutions and monitoring them at scale can still be challenging I'm Brandon Poe a product manager in the auto manage team and I'm going to show you a new service in Azure called Auto manage machine best practices that was created specifically to help you reduce the operational expense of managing your VM Fleet so what exactly does it do well instead of you enabling and configuring all of these Services one at a time we allow you to define a profile that we call a configuration profile that you can assign to a machine or thousands of machines and auto manage will set them up according to this configuration let's take a look here in the Azure portal you can find auto manage machine best practices by typing Auto manage into the search bar first let's have a look at the configuration profiles View these configuration profiles let you define things like which Services you want to enable in your machines like log analytics Azure backup update management to name a few and how you want those services to be configured when you assign one of these profiles to your machines Auto manage will handle the initial setup and configuration of these services but the goodness doesn't stop there we'll also continually monitor the machines and make sure that they don't Drift from this desired State then if they do we'll automatically pull them back into conformance we have two built-in profiles one for production workloads and one for Dev test workloads you can see that the dev test profile doesn't enable Azure backup or machine insights but does enable Microsoft anti-malware and the Azure security Baseline you can also create your own custom profiles to Define your own best practices for instance if you use a different anti-malware solution you can turn the Microsoft one off here now let's enable a configuration profile on some existing machines note that you can also do this when creating new VMS when onboarding new arc enabled servers as well as at scale using Azure policy and arm templates here all I need to do is select the config profile that I want to use I'll use the production profile and then hit next to select the machines here I see a list of my machines as well as what type they are and what OS they're running you'll notice that I have both windows and Linux machines Auto manage supports both now I hit the review and create button to review my selection and then hit create if I'm satisfied Auto manage is Now setting up the machines we selected and making them conformant with the config profile we selected we can see that their status is in progress and within a few minutes they'll move to conformant which means that they're in the desired state and that's how easy it is to manage your entire fleet you might have noticed that auto manage also supports Arc enabled servers this is great because that means you can use the goodness of Auto managed machine best practices not just on your windows and Linux machines in Azure but everywhere else too like in your own data centers or even one of those other not quite as good public clouds oh and I forgot to mention that auto manage machine best practices is free to use you only pay for the services that you enable just as you would if you were doing this all manually so if you're looking for one Consolidated management solution that simplifies onboarding and configuration and remediates drift for all of your machines virtual or physical windows or Linux in Azure on-prem or even in another hyperscale cloud like AWS Azure with auto manage machine best practices is it thanks for watching back to you Jeremy thanks Brandon for showcasing the new capabilities within Auto manage it's exciting to see that our customers can take advantage of this both for resources on Azure and Beyond now Switching gears here let's talk about your connectivity needs and Regulatory needs with Azure Arc we understand connectivity and regulatory requirements play an important factor in your application designs and in many cases organizations can easily move their apps to the cloud but it gets more complex with regulated Industries like government health care and financial services navigating these requirements is critical with a broad range of infrastructure and connectivity options Azure art can help you meet your data and residency sovereignty needs with a range of infrastructure options simplify Edge Computing infrastructure for low latency applications and operate by fully or intermittently connected to Azure even for lengthy periods of time for customers and isvs looking for connectivity through 5G for low latency applications I'm excited to announce that the general availability of the Azure public Mech with at T in Atlanta and Dallas locations we will have two more sites in Detroit and New York coming soon and by using the azure public Mech solution developers can deploy low latency applications at the network Edge powered by Azure services and the connectivity to the operator's 5G Network today we are announcing new updates to simplify up deployments or gpup to improve AIML Solutions and graphic-rich vdi solutions we are also making it easier to migrate your workloads to Azure stack HCI by adding new capabilities that are in preview with Azure migrate finally as I wrap up and with everything we've shared today I want to emphasize our commitment to keep delivering Azure solutions to modernize and optimize your infrastructure and investments from Cloud to the edge be sure to check out all the great resources in the event portal and attend the ask the expert session to engage with our subject matter experts for all of your questions and to get up and running quickly you can get started with Azure Arc with jumpstart which is at AKA dot Ms whack Azure Arc JumpStart look everyone we've covered a lot of ground today I want to again thank you for tuning in and see you next time enjoy the rest of ignite thank you
2022-10-14 20:15
