Written by Madan Mohan K, Associate Cloud Architect
“#Multicloud and #Hybrid cloud are not things, they are situations you find yourself in when trying to solve business problems”
In the recent past, the most organization started clinging to hybrid and multi-cloud approach. Many enterprises still face a sprawl of resources spread across multiple datacentres, clouds, and edge locations. Enterprise customers keep looking for a cloud-native control plane to inventory, organize, and enforce policies for their IT resources wherever they are, from a central place.
Azure Arc extends the Azure Resource Manager capabilities to Linux and Windows servers, and Kubernetes clusters on any infrastructure across on-premises, multi-cloud, and the edge. Organizations can use Azure Arc to run Azure data services anywhere, which includes always up-to-date data capabilities, deployment in seconds, and dynamic scalability on any infrastructure. We will have a close look at Azure Arc for Servers is currently in preview.
Azure Arc for Servers:
Using Azure Arc for servers, managing machines that are hosted outside of Azure (on-premise & other cloud providers). When these types of machines are connected to Azure using Azure Arc for servers, they become Connected Machines, and they will be treated as native resources in Azure. Each Connected machine will get a Resource ID during registration in Azure and it will be managed as part of a Resource group inside an Azure subscription. This will enable the ability to benefit from Azure features and capabilities, such as Azure Policies, and tagging.
For each machine that you want to connect to Azure, an agent package needs to be installed. Based on how recently the agent has checked in, the machine will have a status of Connected or Disconnected. If a machine has not checked-in within the past 5 minutes, it will show as Disconnected until connectivity is restored. This check-in is called a heartbeat. The Azure Resource Manager service limits are also applicable to Azure Arc for server, which means that there is a limit of 800 servers per resource group.
Supported Operating Systems:
The following versions of the Windows and Linux operating system are officially supported for the Azure Connected Machine agent:
- Windows Server 2012 R2 and higher
- Ubuntu 16.04 and 18.04
Networking Requirements on Remote Firewall:
The Connected Machine agent for Linux and Windows communicates outbound securely to Azure Arc over TCP port 443. During installation and runtime, the agent requires connectivity to Azure Arc service endpoints. If outbound connectivity is blocked by the firewall, make sure that the following URLs and Service Tags are not blocked:
|Domain Environment||Azure Service Endpoints|
|management.azure.com||Azure Resource Manager|
|login.windows.net||Azure Active Directory|
|*.his.hybridcompute.azure-automation.net||Hybrid Identity Service|
Register Azure resource providers:
Azure Arc for servers depends on the following Azure resource providers in your subscription in order to use this service:
First, we need to register the required resource providers in Azure. Therefore, take the following steps:
Navigate to the Azure portal at https://portal.azure.com/
Log in with administrator credentials
Registration can be done either using Azure Portal or Powershell
Using Azure Portal:
Using Azure Powershell:
Register-AzResourceProvider -ProviderNamespace Microsoft.HybridCompute
Register-AzResourceProvider -ProviderNamespace Microsoft.GuestConfiguration
In this case, we will be using Powershell to register the resource providers
Note: The resource providers are only registered in specific locations.
Connect the on-premise/cloud machine to Azure Arc for Servers:
There are two different ways to connect on-premises machines to Azure Arc.
- Download a script and run it manually on the server.
- Using PowerShell for adding multiple machines using a Service Principal.
When adding the single server, the best approach is to use the download script and run manually method. To connect the machine to Azure, we need to generate the agent install script in the Azure portal. This script is going to download the Azure Connected Machine Agent (AzCMAgent) installation package, install it on the on-premises machine and register the machine in Azure Arc.
Generate the agent install script using the Azure portal:
To generate the agent, install script, take the following steps:
Navigate to the Azure portal and type Azure Arc
Use https://aka.ms/hybridmachineportal instead of Azure Portal
Click on +Add.
Select Add machines using an interactive script:
Keep the defaults in Basic Pane and click on Review and generate the script.
Connect the GCP machine to Azure Arc:
To connect the GCP machine to Azure Arc, we first need to install the agent on the GCP machine. Therefore, take the following steps
Open Windows PowerShell ISE as an administrator. Paste the script, that is generated in the previous step in PowerShell, in the window and execute it.
A registration code is received during the execution of the script
Navigate to https://microsoft.com/devicelogin Paste in the code from PowerShell and click Next
A confirmation message is displayed stating that the device is registered in Azure Arc
Validation in Azure Portal:
Now when navigating to the Azure Arc in Azure Portal we can see the GCP VM is onboarded and the status shows connected.
Managing the machine in Azure Arc:
To manage the machine from Azure, click on the machine in the overview blade
In the overview blade, it offers to add tags to the machine. Furthermore, it offers to Manage access and apply policies to the machine.
Azure Arc acts as a centralized cloud-native control plane to inventory, organize, and enforce policies for IT resources wherever they are. With an introduction to Azure Arc, an organization can enjoy the full benefits of managing its hybrid environment and it also offers the ability to innovate using cloud technologies.