Why Azure Arc?
Azure Arc is a fantastic product that can simplify your complex and distributed workloads across on-premises, multi-cloud and edge environments. Arinco has worked with many organisations that operate across different cloud providers, multiple on-premises data centres and edge networks. One of the biggest challenges for these organisations is having to use different management tools and separate DevOps/ITOps models to ensure all environments are maintained and monitored effectively.
By using Azure Arc, you can simplify your governance and management of these hybrid environments by bringing your non-Azure and on-premises resources into Azure Resource Manager (ARM), allowing you to view and operate within a single pane of glass via the Azure Portal that you are already familiar with.
Arc supports a range of resources including:
- Arc-enabled servers including both Windows and Linux servers
- Kubernetes clusters (any Cloud Native Computing Foundation certified cluster)
- Data Services including SQL Server Instances, SQL Managed instances, PostgreSQL (Preview) and Data Controllers
- Hosted environments including:
- Azure Arc Resource Bridge
Arc then allows you to extend the control plane to manage the above resources, just as you manage your typical Azure resources, using familiar tools like the Azure Portal, Cloud Shell and Azure Policy.
The Advantages
By on-boarding to Arc, you are then able to:
- Leverage the power of Azure Policy to audit and remediate resources, validate configurations and environment settings
- Have a single consolidated view of all services via the Azure Portal and use a consistent interface you are already familiar with
- On-board and configure Azure Monitor to extend your monitoring beyond just Azure resources
- Tag and query both hybrid and Azure assets and centralise your inventory
There are several ways to on-board servers to Azure Arc. I will detail on-boarding in a future post but once you have on-boarded a server, many of the familiar configuration and management tasks you already leverage for Azure native endpoints become available to you, including:
| Option | Description |
| --- | --- |
| Overview | You can review basic information about the server, including status, location, subscription, computer name, operating system, and tags. |
| Activity log | You can review a list of activities that were performed on the server and who performed them. |
| Access control | You can review and manage access to Azure resources for users, groups, service principals, and managed identities at this scope by creating role assignments. |
| Tags | Tags are name/value pairs that enable you to categorize resources. |
| Policies | You can add, configure, and remove policies for the server. |
| Update Management | This option enables you to maintain consistent control and compliance of the server. |
| Change Tracking and Inventory | You can review change tracking and inventory configuration for the server. Change Tracking and Inventory helps enable consistent control and compliance of your resources. |
| Insights | You can use Azure Monitor to review host CPU, disk, and the online/offline state of your Azure Arc-enabled servers. |
| Logs | You can run queries on logs to gather information about the server. |
| Extensions | You can add and remove extensions for the server. Extensions are small apps that provide post-deployment configuration and automation tasks on servers. For example, Contoso could use an extension if a server needs new software, or if IT staff need to run a script on a server. |
If you leverage Microsoft Defender for Server Plan 2, read about extra benefits available to you, including the free use of Azure Update Manager on Arc Connected machines, in a separate blog post detailed here.
Each server on-boarded will then appear in the Subscription and Resource group you set during installation. Just like your Azure resources, each resource will have its own unique Resource Manager ID, Tagging and a Managed Identity.
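An added example (not from the original post or from Microsoft): because Arc-enabled servers surface as `Microsoft.HybridCompute/machines` resources with the same ID layout as native VMs, one script can audit both for tagging and identity gaps. It assumes records shaped like `az resource list` output; the sample records and the required-tag set are constructed.

```python
import re

# ARM resource ID layout for a top-level resource (ARM IDs are case-insensitive).
ARM_ID = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/(?P<provider>[^/]+)/(?P<rtype>[^/]+)/(?P<name>[^/]+)$",
    re.IGNORECASE,
)
# Resource types treated as servers in the unified inventory.
SERVER_TYPES = {
    "microsoft.hybridcompute/machines": "arc",
    "microsoft.compute/virtualmachines": "azure",
}
REQUIRED_TAGS = {"owner", "environment"}  # hypothetical tagging standard

def audit_inventory(resources, required_tags=REQUIRED_TAGS):
    """Return one record per server with its origin and governance gaps."""
    report = []
    for res in resources:
        m = ARM_ID.match(res.get("id", ""))
        origin = SERVER_TYPES.get(f"{m['provider']}/{m['rtype']}".lower()) if m else None
        if origin is None:
            continue  # malformed ID or not a server resource
        tags = {k.lower() for k in (res.get("tags") or {})}
        gaps = sorted(f"missing tag: {t}" for t in required_tags - tags)
        identity = (res.get("identity") or {}).get("type", "")
        # The post states every Arc-enabled server gets a managed identity,
        # so its absence on an Arc machine is worth flagging.
        if origin == "arc" and "systemassigned" not in identity.lower():
            gaps.append("no system-assigned managed identity")
        report.append({"name": m["name"], "origin": origin,
                       "resource_group": m["rg"], "gaps": gaps})
    return report

# Constructed sample records; the subscription ID is a placeholder.
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups"
SAMPLE = [
    {"id": f"{_SUB}/rg-hybrid/providers/Microsoft.HybridCompute/machines/onprem-web01",
     "tags": {"Owner": "ops", "Environment": "prod"},
     "identity": {"type": "SystemAssigned"}},
    {"id": f"{_SUB}/rg-hybrid/providers/Microsoft.HybridCompute/machines/edge-db02",
     "tags": {"owner": "dba"}, "identity": None},
    {"id": f"{_SUB}/rg-apps/providers/Microsoft.Compute/virtualMachines/az-app03",
     "tags": None, "identity": None},
    {"id": f"{_SUB}/rg-data/providers/Microsoft.Storage/storageAccounts/stlogs",
     "tags": {}, "identity": None},
]

if __name__ == "__main__":
    for row in audit_inventory(SAMPLE):
        print(row["origin"], row["name"], row["gaps"] or "ok")
```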
An example of how an Arc-enabled server appears in the Azure Portal is shown below:
What if I want to on-board more than just servers?
Azure Arc allows you to on-board Kubernetes clusters no matter where they run. You can then control your cluster configurations and workloads at scale. Onboarding a Kubernetes cluster is similar to onboarding an Arc-enabled server: you deploy dedicated agents within your cluster.
You can then extend Azure monitoring to your containers, deploy and enforce Microsoft Defender for Containers, and govern access and connectivity to your clusters from anywhere via Azure role-based access control (RBAC).
And, just like Arc-enabled servers, each Kubernetes cluster will have its own unique Resource ID, tagging and managed identity.
An example of how Kubernetes clusters appear in the Azure Portal is shown below:
Azure Arc allows many other services to be on-boarded. If you would like to know more about these, please refer to the Arc documentation here.
Guest Configuration with Azure Arc-Enabled Servers
You might have previously deployed the Guest Configuration extension to your Azure Virtual Machines, but with Azure Arc this extension is already part of the Connected Machine Agent that is deployed during on-boarding. Therefore, there is no need for any extra enablement to leverage Guest Configuration on Arc-enabled servers.
Did you know that there are over 50 built-in Azure Policies that can be applied to Azure Arc-enabled servers for auditing settings, deployment of extensions, and remediation? You can assign these Azure Policies in the same familiar way that you assign them to Azure Virtual Machines. Once assigned, you can also view compliance states in the same way you view them for typical Azure VMs.
An example of compliance state is shown below:
Conclusion
Azure Arc is a comprehensive solution to simplify your governance and management of many resources that run outside of Azure Cloud. Because it is such a comprehensive solution, stay tuned for future blog posts that will describe in more detail the features and benefits of using Azure Arc, and how to on-board and configure it.
If you need help to accelerate your journey with Azure Arc and incorporate it into your organisation, please get in touch.