Microsoft announced an amazing new feature within Azure called Azure Arc. This feature is now available in public preview at no cost. Please note that the Public Preview release is designed for evaluation purposes and should not be used to manage critical production resources.
What is Azure Arc?
Azure Arc will allow you to add and manage servers that are not part of your Azure environment. This will include your on-premises environment as well as other cloud providers, such as Amazon Web Services and Google Cloud Platform. Azure Arc will create a single pane of glass view of all your servers across all environments you manage and maintain. This will allow you to utilize the tremendous capabilities within Azure, such as Azure Policy for compliance, Security Center, and Cost Management.
When a machine is added to Azure Arc it is classified as a Connected Machine and placed in a resource group. Each machine has a specific Resource ID attached to it that can be used with Azure Monitor and Log Analytics. Tagging can be added as well for inventory.
To deploy Azure Arc, an agent needs to be installed on each machine that you wish to onboard. Once onboarded, Azure Arc will perform a heartbeat check-in process every 5 minutes to validate connectivity. This can also be used when monitoring machines to verify their connected state overall.
In the Public Preview, Microsoft supports the following operating systems:
- Windows Server 2012 R2 and newer
- Ubuntu 16.04 and 18.04
Additional operating systems, including servers at Amazon Web Services, will be available at some point.
How do I add my servers to Azure Arc?
In your Azure subscriptions where Azure Arc is to be used, you need to register two resource providers.
You can do this in the Azure Portal under Subscriptions > Resource Providers or using Azure PowerShell (or cloud shell) with the following script:
Set-AzContext -SubscriptionId [subscription you want to onboard]
Register-AzResourceProvider -ProviderNamespace Microsoft.HybridCompute
Register-AzResourceProvider -ProviderNamespace Microsoft.GuestConfiguration
Once completed, follow the process below to begin adding your machines. You can also use PowerShell to onboard machines at scale. The following process will generate a script to use to onboard either Windows or Linux servers. You can use the script multiple times as long as the Subscription, Resource Group, and Location remain the same.
1. Go to https://aka.ms/hybridmachineportal
2. Click on +Add or Create machine – Azure Arc (if none exists)
3. Select a Method. I am using the first choice.
a) Add machines using interactive script (One at a time)
b) Add machines at scale (using Service Principal)
4. Choose deployment options to generate the script. You can choose Windows or Linux OS. Add a proxy server and Tags if required and click Generate.
5. The last page has a script generated which you can copy (or download). Example script for my Linux machine is below. This can be used on multiple machines. You do not have to generate a new script each time you onboard a machine.
# Download the installation package
wget https://aka.ms/azcmagent -O ~/install_linux_azcmagent.sh
# Install the hybrid agent
bash ~/install_linux_azcmagent.sh
# Run connect command (tenant and subscription IDs redacted)
azcmagent connect --resource-group "rgBrezicky" --tenant-id "********-****-****-****-************" --location "westus2" --subscription-id "********-****-****-****-************"
Once you have your script, whether for Windows or Linux, you will want to execute the script on your servers to onboard them. Connect to the server and launch a command prompt (Bash for Linux, PowerShell for Windows) and execute the script. It may take several minutes depending on server load and network connectivity. After the third command of the script (azcmagent connect) is run, you will be prompted to use Microsoft's Device login (https://microsoft.com/devicelogin) and enter a device code provided within the command prompt window.
Open a browser and enter the code to authenticate. The browser doesn't need to be running on the server you are onboarding; it could be on another computer such as your laptop. Use your Azure Administrative account when authenticating. Once complete, the server will show up in Azure Arc.
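The registration and onboarding steps above, as an added Azure PowerShell example that is not from the original post: it registers the two resource providers, waits until they actually report Registered (registration is asynchronous), and then lists the Connected Machine resources in the resource group so you can confirm an onboarded server appeared. It assumes the Az module, an existing Connect-AzAccount session, a subscription ID placeholder, the resource group name from the post, and that the machine resource exposes a status property.

```powershell
# Added example (not from the original post). Placeholders: <subscription-id>;
# rgBrezicky is the resource group used in the post's generated script.
$subscriptionId = '<subscription-id>'
$resourceGroup  = 'rgBrezicky'
$providers      = @('Microsoft.HybridCompute', 'Microsoft.GuestConfiguration')

Set-AzContext -SubscriptionId $subscriptionId | Out-Null

foreach ($ns in $providers) {
    # Get-AzResourceProvider returns one row per resource type; all share the state.
    $state = (Get-AzResourceProvider -ProviderNamespace $ns).RegistrationState | Select-Object -First 1
    if ($state -ne 'Registered') {
        Register-AzResourceProvider -ProviderNamespace $ns | Out-Null
    }
    # Registration is asynchronous; poll until it completes (up to ~5 minutes).
    $deadline = (Get-Date).AddMinutes(5)
    while ($state -ne 'Registered' -and (Get-Date) -lt $deadline) {
        Start-Sleep -Seconds 10
        $state = (Get-AzResourceProvider -ProviderNamespace $ns).RegistrationState | Select-Object -First 1
    }
    Write-Host "$ns : $state"
}

# After azcmagent connect has run on the server, the machine appears as a
# Microsoft.HybridCompute/machines resource in the chosen resource group.
$machines = Get-AzResource -ResourceGroupName $resourceGroup `
                           -ResourceType 'Microsoft.HybridCompute/machines' `
                           -ExpandProperties

foreach ($m in $machines) {
    # 'status' on the machine resource is assumed to read Connected/Disconnected.
    [pscustomobject]@{
        Name       = $m.Name
        Status     = $m.Properties.status
        ResourceId = $m.ResourceId
        Tags       = if ($m.Tags) { ($m.Tags.Keys | ForEach-Object { "$_=$($m.Tags[$_])" }) -join ';' } else { '' }
    }
}
```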
What can I do to my servers with Azure Arc?
At the moment there are three primary tasks that you can do with servers in Azure Arc.
• Assign tags and maintain an inventory of all servers.
• Azure Policies can be assigned to Connected Machines to provide the same level of consistency and compliance for non-Azure VMs as you do for Azure Virtual Machines. The Guest Configuration Agent logs for a Connected Machine are in the following locations:
  - Windows: %ProgramFiles%\AzureConnectedMachineAgent\logs\dsc.log
  - Linux: /opt/logs/dsc.log
• The Log Analytics Monitoring agent can be installed on each Connected Machine. Queried data will contain properties specific to the machine, such as ResourceId, which can be used for central log access.
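Putting the 5-minute heartbeat and the machine-specific ResourceId together, as an added example that is not from the original post: a Log Analytics query, run from Azure PowerShell, that lists Arc-connected machines which have gone silent. It assumes the Az.OperationalInsights module, a workspace ID placeholder, that Arc heartbeat rows carry the Microsoft.HybridCompute provider path in ResourceId, and a 15-minute threshold (three missed check-ins) chosen here.

```powershell
# Added example (not from the original post). Placeholder: <log-analytics-workspace-id>.
$workspaceId = '<log-analytics-workspace-id>'
$staleAfter  = '15m'   # three missed 5-minute heartbeats; tune for your environment

# ResourceId on Arc heartbeat rows is assumed to contain the HybridCompute provider
# path, which separates Connected Machines from native Azure VMs in the same workspace.
$query = @"
Heartbeat
| where ResourceId contains "/providers/Microsoft.HybridCompute/machines/"
| summarize LastHeartbeat = max(TimeGenerated) by Computer, ResourceId
| extend MinutesSilent = datetime_diff('minute', now(), LastHeartbeat)
| where LastHeartbeat < ago($staleAfter)
| order by MinutesSilent desc
"@

$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId -Query $query
$stale  = @($result.Results)

if ($stale.Count -eq 0) {
    Write-Host "All Arc-connected machines have sent a heartbeat within $staleAfter."
} else {
    Write-Warning "$($stale.Count) Arc-connected machine(s) have not checked in within $staleAfter:"
    $stale | Format-Table Computer, MinutesSilent, LastHeartbeat, ResourceId -AutoSize
}
```

A machine that is still Connected in the portal but absent from Heartbeat usually points at the Log Analytics agent rather than the Arc agent, so check both when triaging.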
Azure Arc is most certainly going to be a game changer. In a way, this is Microsoft accepting that it may not be able to migrate 100% of infrastructure to Azure, acknowledging competitors such as AWS, and even acknowledging the desire to maintain some on-premises infrastructure. Azure Arc bridges the gap of having multiple on-premises and cloud environments. It will eventually provide a single pane of glass to manage all of your servers no matter where they live. Azure features such as Policy, Cost Management, Security Center, and more will be able to connect to and manage all non-Azure VMs in the near future.
Enabling Technologies can help you properly prepare for moving to the cloud based on Microsoft Best Practices and utilizing a secure and productive environment. You can check out more in the Azure section of our website.