Introduction:
In this Blog series, we are going to deep dive and see various feature and benefits offered by Azure Arc service.
Customer environments are increasingly opted towards diverse IT infrastructure (Poly/Multi Cloud, On-premises Datacentres, IOT devices and Edge, and other solution models) and due to this shift in paradigm , often there are challenges in management of resources, agile governance and security across the IT estate.
To overcome this challenges for customers and to maintain consistent resource management across various dimensions , Microsoft introduced Azure Arc as a set of technology to help provide a unified management experience across entire IT estate despite the resource object location . Azure Arc enables a single pane of glass view of heterogeneous environment and the ability to govern and manage all these resources in a consistent way.
Azure Arc extends the Azure management feature sets and capabilities to any infrastructure and customers can enable the arc services to manage the below listed resources:
- Servers – Linux and Windows Servers (Physical and Virtual)
- Kubernetes
- Data Services (SQL Managed Instance, SQL server and PostgreSQL) – Preview
- Application Services (App service, Functions and Logic Apps) – Preview
Operations and Workability:
Azure Arc is built on the substructure of ARM (Azure Resource Manager) and this enables the customers to register their resources outside of Azure using combination of agents running to bring under Azure control pane with great ease.
Many of the core features of Azure Resource Manager are enabled by Arc. This includes the Azure Portal, RBAC, Resource Groups, Azure Policy, Search, Tagging and more. Additionally, customers can also use hybrid services such as Azure Monitor, Azure Security Centre, Azure Sentinel etc.
In the upcoming section, we are going to discuss about the operating instructions to enable one of the On-Premises VM (Based on VMware) to bring under Azure Arc management.
Arc Enabled Servers
Currently Azure Arc enabled servers are GA now and available across globally to use and not restricted to any regions. This service offered at no additional cost.
Note: Using of any Azure hybrid management services like (Azure monitor, Automation, etc) will incur billing. No extra costs is only for Azure Arc core control panel functionality.
Lab Setup and Pre-Requisites Information :
The table below depicts about our Lab setup and Prerequires information to enable Arc service on VM based on windows server 2019
Disclaimer : The deployment method can be referenced for any production deployment scenario but its majorly developed for Demo/ educational purpose.
| Category | Value | Notes |
| On-Premises Hypervisor | VMware Workstation | |
| On-Premises VM | Windows Server 2019 with Admin Rights NET Framework 4.6 or later is required and Windows PowerShell 5.1. | Supported OS: Windows and Linux, physical and virtual, domain-joined, and non-domain-joined servers. Currently we officially support Windows Server 2012R2 and higher, Ubuntu 16.04 and 18.04, CentOS Linux 7, SUSE Linux Enterprise Server 15, Red Hat Enterprise Linux 7, and Amazon Linux 2. |
| Subscription | Azure Free with Required Rights for on-boarding Location – AU | Azure Contributor role for the designated Resource Group to on-board only. Refer for more info on Azure Arc required Permissions for other operations: Overview of the Connected Machine agent – Azure Arc | Microsoft Docs |
| Shell | Azure Shell | To execute scripts and other management activities during server on-boarding . This might incur a small billing to your subscription, so please be watchful. |
| Resource Group | Rg-test-arc01 | A dedicated RG for arc enabled servers. Ease of mangmnet. |
| On-Boarding Method to Azure Arc | Manual Installation : Scripted Azure Connection Machine Agent | More Granular Details about the Agent prerequisites refer here : Overview of the Connected Machine agent – Azure Arc | Microsoft Docs |
| Connectivity | The communication to the cloud is outbound and uses HTTPS. The machine just needs access to public Azure endpoints | Private Link connection is on Preview |
| Agent Performance impact on VMs | It’s a lightweight tool which send updates to every 5 minutes to Azure | My personal recommendation is to keep 5% overhead of compute/memory utilization for calculation. |
| Cost | There is no additional cost for onboarding and managing servers using Azure Arc. |
Server On-Boarding Procedure:
Step 1:
Connect to Azure Shell by logging into to https://portal.azure.com/
Step 2:
Register the Azure providers by executing below commands in Azure Shell window.
Step 3:
Next Step is to generate the Installation script to automate the agent installation on On-Prem VM as part of on-boarding Process.
- Goto Azure Portal -> Search –> Servers – Azure Arc –> Add a Single server
This operation will generate a script to run on the target server.
Step 4:
Proceed to further config by clicking “Next: Resource Details” and fill up the required details.
Step 5:
Fill in the details as per the required values to generate a installation script and click next.
Step 6:
Define Tags based on use cases and click on to “Download and run script”. This action will download a PowerShell script to install and configure the Agent based on settings defined in Step 5.
| Note: We are installing the agent manually but there are well documented planner from Microsoft github repo to deploy in scale for various solution. Scale Deployment Example: azure_arc/docs/azure_arc_jumpstart/azure_arc_servers/scaled_deployment at main · microsoft/azure_arc · GitHub |
Step 7:
Execute the downloaded Onboarding script from Step 6 on VMware workstation VM (windows server 2019) and follow the following steps
- Copy the script to server (any folder path)
- Open PowerShell in elevated mode (Admin account)
- Execute the copied script ./OnboardingScript.ps1 and wait for it to complete.
- During the script execution, It will prompt you to login to Azure portal for successful authentication .Please key-in your respective credentials.
- It will take several minutes to complete the registration process and show as registered.
| Note: The Azure Connected Machine agent package contains several logical components, which are bundled together to pass the information through agent. • Azure Subscription ID • Location • Resource Group • Azure Service Principal • Hybrid Instance Metadata and Guest Configuration /Extension Manager The Connected Machine agent cannot be installed on an Azure Windows virtual machine. If you attempt to, the installation detects this and rolls back. |
Step 8:
Verify the on-boarding status in Azure portal. Navigate to “Servers-Azure Arc” from search (Similar to Step 3), we should now see our new machine connected and ready for use.
Since I have taken the screenshot immediately after script execution and registration, The status message is still not reflecting in the below screenshot and showing empty. However in general cases, is should show as connected.
Now that we onboarded the machine in Azure, we can leverage azure control pane and hybrid management services to manged this on-premises VM from Azure poral. In Next blog post, we will discuss about management operations of Arc enabled servers. in detail
Dev's Technical Blog 