Skip to content
BG Azure Arc
Benjamin GrausOct 31, 2024 2:00:39 PM5 min read

Azure Arc: The Future of Hybrid Cloud Management

Azure Arc The Future of  Hybrid Cloud Management

In today's IT landscape, dominated by hybrid and multi-cloud environments, organizations face the challenge of efficiently managing resources across diverse platforms. Azure Arc offers an innovative solution by extending Azure management capabilities to on-premises and multi-cloud resources, providing a unified platform for seamless operations. 

Services of Azure Arc 

Azure Arc offers a wide array of functionalities that extend beyond basic resource management and therefore simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform. 

At the moment you can manage the following resource types using Azure Arc: 

  • Arc-enabled servers (Windows and Linux Servers) 
  • Arc-enabled Kubernetes (Any certified Cloud) 
  • Arc-enabled data services (SQL, SQL MI, PostgreSQL (Preview)) 
  • Azure Arc Resource Bridge 
      - Arc-enabled VMware vSphere 
      - Arc-enabled System Center VMM 
      - Azure Stack HCI (VM Management)  

Once onboarded your system using one of the mentioned services, you can manage your resources using familiar tools like Azure Portal, Azure Policy, CloudShell and others.  

Azure Arc management control plane diagram

Let’s use the example of a onboarded on-premises virtual machine, here is a list of some services you can use with it: 

Feature 

Description 

Key Capabilities 

Inventory and Resource Management 

Centrally manage all your onboarded servers within the Azure Portal, regardless of their physical location (on-premises, other clouds). 

- Unified Visibility: View all servers in one place. 
- Tagging: Organize resources with tags. 
- Resource Groups: Group servers logically. 
- Search and Filter: Easily locate resources based on criteria. 

Azure Policy Enforcement 

Apply and enforce governance policies across your hybrid environment to ensure compliance with corporate or regulatory standards. 

- Compliance Assessment: Evaluate compliance status. 
- Policy Assignment: Apply built-in or custom policies. 
- Remediation: Automate remediation tasks. 
- Audit Logs: Track policy compliance over time. 

Monitoring and Insights (Azure Monitor) 

Collect and analyze logs and metrics from onboarded servers to monitor performance and health. 

- Performance Metrics: CPU, memory, disk, network usage. 
- Log Analytics: Centralize and analyze logs. 
- Alerts: Set up alerts for specific conditions. 
- Dashboards: Visualize data with customizable dashboards. 

Update Management (Azure Update Manager) 

Manage operating system updates for Windows and Linux servers from a central location. 

- Update Assessment: Determine missing updates. 
- Scheduling: Schedule update deployments. 
- Compliance Reporting: View update compliance status. 
- Automation: Automate update processes. 

Configuration Management 

Ensure servers are configured consistently using Desired State Configuration (DSC) and Azure Automation State Configuration. 

- State Enforcement: Define and enforce configurations. 
- Change Tracking: Monitor configuration changes. 
- Automation Scripts: Use PowerShell scripts for automation. 
- Compliance Reporting: Check configuration compliance across servers. 

Run Command 

Remotely execute scripts or commands on the onboarded servers directly from the Azure Portal. 

- Ad-hoc Scripting: Run scripts without needing direct access. 
- Troubleshooting: Perform diagnostics remotely. 
- Task Automation: Automate repetitive tasks. 
- Secure Execution: Commands are executed over a secure channel. 

Guest Configuration 

Audit and enforce configurations inside the guest OS using Azure Policy Guest Configuration. 

- Policy Compliance: Check OS settings against policies. 
- Remediation: Automatically correct non-compliant settings. 
- Detailed Reporting: See which servers are compliant. 
- Custom Policies: Create custom configuration policies as needed. 

Extensions Management 

Deploy and manage Azure VM extensions on onboarded servers to add functionality. 

- Custom Script Extension: Run custom scripts on servers. 
- Diagnostic Extensions: Collect diagnostics data. 
- Management Extensions: Install management agents. 
- Automation: Streamline deployment of extensions across multiple servers. 

 

WSUS retirement and the role of Azure Arc: 

As you surely already know, Microsoft recently announced that the good old WSUS will be retired, and it is time to look for a replacement. 

Azure Update Manager is a service that helps manage and govern updates for all machines, and therefore also for onboarded VMs using Azure Arc.  

Once a VM (Windows or Linux) is available in Azure using Arc, you can onboard it also within Azure Update Manager. 

With Azure Update Manager, you can: 

  • Control and distribute security or critical updates to protect machines. 
  • Enable periodic assessments to check for updates. 
  • Use flexible patching options, such as scheduling updates in custom time windows. 
  • Monitor update compliance for all machines, including hybrid or other cloud environments connected via Azure Arc. 

Note: 

One concern for enterprises using AUM is bandwidth, as each server is downloading the updates directly from the internet. So, in some cases it might be worthwhile considering Microsoft Connected Cache. 

Another relevant aspect is the cost associated with Azure Update Manager for servers managed through Azure Arc. While the service is free for systems hosted on Azure, servers enabled for Azure Arc are priced by around €4,48 per server per month.  

Anyway, there are situations where the Azure Update Management functionality is already covered, like: 

  • Enabled for Extended Security Updates (ESU). 
  • Managed through Defender for Servers Plan 2. 
  • Hosted on Azure Stack HCI, when these machines are enabled for Azure benefits and managed via Azure Arc. 

thumbnail image 1 of blog post titled 
 
 
  
 
 
 
    
  
   
    
      
       Generally Available: Azure Update Manager

What is Guest Configuration for Azure Arc enabled Servers?  

If you are familiar with Azure Policy, you already know the huge possibilities of this tools. 

With the help of Arc, you can expand this functionality across your on-premises (or other cloud) servers. There are already over 50 built-in Azure Policies ready to use for Arc-enabled servers. You can assign them like any other Azure Policies, and of course you have a tracking about the compliance state.  

A screenshot of a computer

Description automatically generatedUnder the hood: the Azure Connected Machine Agent 

The Azure Connected Machine agent is the core component that connects your external servers to Azure. This agent must be installed on each server you wish to manage through Azure Arc. The agent sends a heartbeat every 5 minutes to the Azure platform, if no heartbeat is received within a specific period, the server will be marked as offline. The Azure Connected Machine agent is a combination of four services that run on your server. With the help of this services, your desired configurations like extensions for example will be applied to the VMs. 

Diagram architecure yang menjelaskan bagaimana agen Azure Connected Machine berfungsi.

Conclusion: 

Azure Arc is vital because it enables centralized management and governance of your entire IT infrastructure—whether on-premises, multi-cloud, or at the edge—using familiar Azure tools. By unifying operations, enhancing security and compliance, and allowing consistent deployment across diverse environments, Azure Arc simplifies complexity and is a strategic solution worth considering for modern IT management. 

In this post I only talked about 2 features of Azure Arc, but there is a lot more it can do for you. 

At no extra cost you will receive some base functionality, but it is important to consider that comprehensive feature come with some extra costs. 

avatar

Benjamin Graus

Azure & Modern Workplace Expert

VERWANDTE ARTIKEL