Introducing Azure Arc

To say we’re excited at Microsoft about Azure Arc is a bit of an understatement. For customers who want to simplify complex and distributed environments across on-premises, edge and multi-cloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.

This week at Microsoft Ignite, we announced that Azure Arc is now in public preview. To learn more about how Azure Arc enables Microsoft customers to bring Azure benefits to any infrastructure, including Azure Data Services, we had the opportunity to interview the team at KPMG Ignition in Tokyo, Japan. They have been active participants, early adopters, and key partners in the Azure Arc private preview.

We spoke with Aram Lauxtermann, Head of Cloud and Data Engineering at KPMG Ignition, as well as KPMG Marketing Directors Taketsugu Abe and Masaki Asanuma from Tokyo to learn more about how they’re using Azure Arc to enable their clients to take advantage of the Azure cloud.

Microsoft

How did the team at KPMG Japan get involved in the Azure Arc private preview?

KPMG Ignition

At KPMG, we have a diverse range of clients and we saw that there was demand from our clients to be able to host data on-premises and use cloud technologies for compute or other actions. When Azure Arc came out, it was the perfect solution for us since that’s what it was designed to do. It enabled us to legally store data in a secure location without ever needing to move it and then do compute actions in the Cloud, then store that computed data on-premises again. This was a common need of our clients.

Microsoft

Are there regulatory or other data privacy requirements you’re dealing with?

KPMG Ignition

Not regulatory requirements – most of the time it’s a contracting requirement. When we were all still in our own data centers and didn't use the Cloud, we basically told our clients we will take care of your data and we will do it in a secure manner. Now those contracts are still there, and those clients feel comfortable in that situation knowing their data is secure. Azure Arc enables many new actions on their data in the Cloud without ever breaking the terms of those existing agreements or requiring modifications because the customer’s data is still secure in an on-premises environment.

Microsoft

What types of solutions does Azure Arc enable you to deliver to your KPMG clients that previously would have been difficult or impossible?

KPMG Ignition

It was really clear for us right away that Azure Arc would enable a lot of new functionality for our clients. A data center is a static thing. It has a certain size. It doesn't automatically scale easily. But all your computational actions are being done in the Cloud. You have the advantage that you can scale by extending functionality in your on-premise data center. For example, it enables scalability via event driven architecture, so when an event happens, the Cloud can react in certain manner. That's incredibly handy. Because it’s Azure, it also enables all the security features, monitoring, logging, and alerting that we need.

Azure Arc provides the benefits of Azure management and scale to on-premises, IoT Edge, and multi-cloud environments.

Microsoft

How important is security for KPMG when choosing a cloud provider?

KPMG Ignition

It's probably the number one thing. Within our field, if we host data for clients and there is a sense that data is not secure in any way or form, we might as well just quit.

I think that is one of the most important things with technologies like Azure Arc. A lot of people transition from a data center to a cloud environment, and first they basically copy what they had on-prem so that they understand it and then it transitions over into a new generation.

The problem is most of the time there's no facilitator in that process. Azure arc functions as a facilitator – it shows everything that I have on-premise and everything that I have in the Cloud. We make it visible and then we can migrate some of those servers over, so it functions on this deployment level. It helps people to understand how they can move and how they can transition to a new environment.

From a security perspective it does the same thing. It makes security visible because you see that virtual machine or the data source in your on-premises data center and you see how the data is taken out as actions are performed and how it's then stored back into that database in our data center. The visibility that Azure Arc enables is very handy to explain that to non-technical people.

Microsoft

Could you talk a little bit about how participating in the Private Preview was beneficial for your clients?

KPMG Ignition

Azure Arc opened a wide range of possibilities for multiple clients. Basically, it opens the door for them to the Cloud. For example, clients that have audit data on premise or clients that have tax information on premise, those clients previously did not want to go to the Cloud because they would say “I'm very happy having my database here in my on-premise environment, which contains highly confidential data.” The door is open for all of them now.

They told us, prove that the security model is accurate, that you will handle our data in an appropriate manner and communication lines are secured. If all those boxes are checked then you can onboard us to the Cloud. So, there was this entire range of clients that told us they didn’t want to participate in the Cloud. Now with Azure Arc that door has opened for us. It makes it so much easier.

Microsoft

One thing organization’s worry about when moving to the Cloud is cost. How do those cost conversations go when you're talking to one of your clients about Azure Arc?

KPMG Ignition

That's a very good question. In my experience, working with multiple companies that have transitioned to the Cloud, I’ve seen a lot of mistakes, mostly when technical strategy and business strategy aren’t aligned.

If the end goal is to create a hybrid environment to transition more clients to cloud-native technologies, we need to know that we're not duplicating efforts in both environments. If a data source is on-premise, what’s the business requirement behind that? Is it because you want to store data in a SQL database in my own data center? If that is the requirement, so we are not duplicating or virtual machines in both environments where basically using our cloud for compute and data storage is still in our on-premise environment. If that is the strategy, we can use all the cost saving possibilities that we have with Azure with advantages like scalable virtual machines and scalable containers. We use the entire package, so we don't have to build and maintain it in our own data center.

Our cost strategy is simple - move the data temporarily, perform compute actions, for instance, machine learning algorithms, then get it back in the on-premise environment. From our perspective, this is a very clear strategy – to only store and transfer data. Compute happens only in the Cloud environment, which lowers costs, and is the reason we migrated to the Cloud in the first place. If you build a data center in the Cloud, you're breaking the paradigm that Microsoft has established – you’re basically doubling your costs because you're taking none of the advantages, but you're still paying for them! You’re enforcing an outdated paradigm on your cloud environment!

So, from our perspective, we want to do what Microsoft says: “Be scalable, take advantage of automatic backups, lower your operating expenses”. Then the only thing that we need to do is this very small scope - store and transfer our data from that hybrid environment.

Microsoft

How does Azure Arc shape your conversations around digital transformation with your clients?

KPMG Ignition

At KPMG, and especially KPMG Ignition in Tokyo, we have a wide range of clients with very different needs. We have some clients that say, “I need an environment in my own on-premise data center”. Other clients demand multi-cloud environments. We must be very flexible. We need to offer a wide range of solutions. For our clients, Azure Arc was exactly that puzzle piece in the center that we needed to visualize all of this. Otherwise you have all these independent systems that you have to build all these layers on top of to visualize what's happening and then you have to maintain it.

Speaking of cost, it's not so expensive most of the time. For a company like KPMG to build and configure and automate all the scripts to facilitate cloud migration it can become really expensive. So, having something cloud native that is supported by Microsoft Azure that has all these different levels of support makes it so much easier for us to visualize – to allow us to see all these different clients or data centers or clouds. Or, let's say even an edge network like you’d find on a cargo ship, we can now easily connect all of that. So it’s a very, very powerful tool to make your organization scalable.

Microsoft

Hybrid is one of Microsoft’s key advantages relative to Google, AWS, and others. Did you investigate other competitive solutions before choosing Azure Arc?

KPMG Ignition

At KPMG, we have a long and very successful relationship with Microsoft. Myself, before I worked for KPMG international, I worked for KPMG Netherlands. I got to work with the with the internal teams at Microsoft multiple times. So, for us it was always, “Okay, we're going to take a look at Microsoft.” We heard about Azure Arc, and when we heard what the concept was, we basically asked right away, “how can we be a part of this?”

We started working the Microsoft Fast Track team, working together as one team in private repositories. At KPMG Ignition, we have a lot of very heavy engineering capacity, with multiple Microsoft MVPs on staff, so when we heard what the technology was, we were going to take a look. We asked, “how can we work together to ensure we stay aligned in this early stage of development?”.

We needed communication to be extremely well managed, and every week we had a sync with Microsoft. We were speaking with the Fast Track team, and we were facing similar problems as other partners, so we get a lot of information and we knew where things were going, so we were extremely happy with collaboration.

Microsoft

Tell me more about working with the Fast Track team. How have you been able to influence product development through that engagement?

KPMG Ignition

Microsoft is continuously upgrading their cloud capabilities, so if we don’t move with you, we could miss an update and fall behind. That’s one of the biggest risks we're trying to mitigate – making sure we stay aligned. What’s Microsoft’s vision? How can we shape that vision to support our clients? From our perspective, that is not just a managerial conversation.

For example, we learned Microsoft would be heavily investing in containers, so we wanted to know which types of container solutions and what is the security model? In that case, we set up a weekly call with Microsoft. We got our Azure Arc engineers in the calls with the Fast Track team and the product team so we could learn where they were going and what solutions are they building. In turn, they learned what we were doing, what issues we were facing, what our priorities were, and this allowed us to help them shape the product vision.

We worked together in private repositories to build up that entire knowledge base, so if Microsoft goes to the next customer who was facing similar problems, they can build upon our knowledge and learning. Being one of the first is always hard, but it brings massive advantages, like being first to market and understanding and influencing in the product. That means we also need a little bit of support, and Microsoft has been amazing in that sense. This is this the second time that we've been part of a private preview with Microsoft and both experiences have been extremely positive.

Microsoft

To what extent are you using other Azure Data & AI services?

KPMG Ignition

My title is “Head of Cloud and Data Engineering”, so I manage the Cloud unit focused on databases, containerization, security architecture, all those things. Our data team focuses on data bricks, data factory, event hub with Kafka integration, so basically the entire range of Azure technologies. As a data engineering team, we’ve built this entire data platform which is based upon Microsoft’s best practices.

One of the first Azure Arc projects we had was to integrate sensitive data sources into our data platform to perform multivariant regression and anomaly detection. We do unstructured learning across different data sources. It's extremely helpful for us – and a great example of the new capabilities we have for our clients with Azure Arc.