The November release of VMware Aria Guardrails arrived just as we descended on Las Vegas for AWS re:Invent. The timing could not have been better as the release included some new features that resonated well with people that visited the VMware booth.
- Azure support and library templates
- Additional Cost and Security library templates
- Discovery of existing cloud accounts and governance enforcement
Azure support and library templates
Although re:Invent is focussed around AWS and its ecosystem, many customers use multiple cloud platforms. Had we not volunteered the information that Aria Guardrails supports multiple clouds, it is likely that we would have been asked anyway! Most visitors to the VMware Cloud Management booths use more than one cloud platform and solutions that address challenges in multiple clouds seemed to be of great interest!
With the November release of VMware Aria Guardrails, we have added support for managing Azure cloud environments along with several Azure-focussed library templates to the Bootstrap, Security, and Config categories. The screenshot below shows how easy it is to browse and import templates from the six defined categories.
As with all other library templates in VMware Aria Guardrails, these new templates can be used as is or customized to fit other requirements and establish desired states for your Azure cloud accounts. The newly added templates for Azure are as follows:
| Template Name | Function |
| Azure – Attach Subscription | Attaches an Azure subscription to a Management Group |
| Azure – Management Group | Creates a Management Group to organize resources and subscriptions |
| Azure – Resource Group | Creates a Resource Group to hold related resources for an Azure solution |
| Azure – Built-in Security Category policies | Applies security policies to a scope (Subscription / Management Group / Resource Group etc) |
| Azure – Built-in General Category policies | Applies general policies to a scope (Subscription / Management Group / Resource Group etc) |
| Azure – Built-in Storage Category policies | Applies storage policies to a scope (Subscription / Management Group / Resource Group etc) |
| Azure – Policy Assignment | Assigns a policy definition to a scope |
| Azure – Role Assignment | Assigns the a Role to users, groups, service principals, or managed identities with a particular scope |
| Azure – Role Definitions | Creates a new Role with a custom set of permissions |
Security and Cost templates
In addition to the Azure templates listed above, several new templates have been added to the Cost and Security categories with this release.
Account discovery and templating
Having added an AWS root account, VMware Aria Guardrails can now be configured to discover new member accounts on a scheduled basis. Account Discovery schedules can be created for each root account and any newly discovered member accounts will show up in VMware Aria Guardrails as new environments and can have desired states applied to them.
Once those environments have been discovered, it is now possible to create a template based on the configuration of a specific environment.
That means that existing configurations present in member accounts can be templatized and those templates can either be applied back to the same account to enable ongoing drift detection and governance or adapted to create a more generic template that can be applied to multiple member accounts.
As an example, when executed against one of the demo accounts that we set up for AWS re:Invent, all of the Config rules and Policy assignments were captured in to a new template.
Had this been an existing account rather than a brand-new one that we were already managing, we could have then applied the template back on to the environment to help identify any subsequent drift or violations.
Try VMware Aria Guardrails
The addition of support for Azure in this release of VMware Aria Guardrails makes it a true Multi-Cloud Management solution that will suit customers using multiple cloud providers. And it’s not just for new cloud accounts, with the addition of brownfield account discovery and templating it can be adopted by customers with existing cloud accounts as well.
To try out VMware Aria Automation and VMware Aria Guardrails, activate a free trial on the VMware website and see these new features for yourself.
