In today's IT landscape, dominated by hybrid and multi-cloud environments, organizations face the challenge of efficiently managing resources across diverse platforms. Azure Arc offers an innovative solution by extending Azure management capabilities to on-premises and multi-cloud resources, providing a unified platform for seamless operations.
Services of Azure Arc
Azure Arc offers a wide array of functionality that extends beyond basic resource management. It simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
At the moment you can manage the following resource types using Azure Arc:
- Arc-enabled servers (Windows and Linux Servers)
- Arc-enabled Kubernetes (Any certified Cloud)
- Arc-enabled data services (SQL, SQL MI, PostgreSQL (Preview))
- Azure Arc Resource Bridge
- Arc-enabled System Center VMM
- Azure Stack HCI (VM Management)
Once you have onboarded your system using one of the services mentioned above, you can manage your resources using familiar tools like the Azure Portal, Azure Policy, Cloud Shell and others.
Let's take an onboarded on-premises virtual machine as an example. Here is a list of some services you can use with it:
| Feature | Description | Key Capabilities |
| --- | --- | --- |
| Inventory and Resource Management | Centrally manage all your onboarded servers within the Azure Portal, regardless of their physical location (on-premises, other clouds). | Unified Visibility: View all servers in one place. |
| Azure Policy Enforcement | Apply and enforce governance policies across your hybrid environment to ensure compliance with corporate or regulatory standards. | Compliance Assessment: Evaluate compliance status. |
| Monitoring and Insights (Azure Monitor) | Collect and analyze logs and metrics from onboarded servers to monitor performance and health. | Performance Metrics: CPU, memory, disk, network usage. |
| Update Management (Azure Update Manager) | Manage operating system updates for Windows and Linux servers from a central location. | Update Assessment: Determine missing updates. |
| Configuration Management | Ensure servers are configured consistently using Desired State Configuration (DSC) and Azure Automation State Configuration. | State Enforcement: Define and enforce configurations. |
| Run Command | Remotely execute scripts or commands on the onboarded servers directly from the Azure Portal. | Ad-hoc Scripting: Run scripts without needing direct access. |
| Guest Configuration | Audit and enforce configurations inside the guest OS using Azure Policy Guest Configuration. | Policy Compliance: Check OS settings against policies. |
| Extensions Management | Deploy and manage Azure VM extensions on onboarded servers to add functionality. | Custom Script Extension: Run custom scripts on servers. |
WSUS retirement and the role of Azure Arc:
As you surely already know, Microsoft recently announced that the good old WSUS will be retired, and it is time to look for a replacement.
Azure Update Manager is a service that helps manage and govern updates for all machines, including VMs onboarded using Azure Arc.
Once a VM (Windows or Linux) is available in Azure through Arc, you can also onboard it to Azure Update Manager.
With Azure Update Manager, you can:
- Control and distribute security or critical updates to protect machines.
- Enable periodic assessments to check for updates.
- Use flexible patching options, such as scheduling updates in custom time windows.
- Monitor update compliance for all machines, including hybrid or other cloud environments connected via Azure Arc.
Note:
One concern for enterprises using AUM is bandwidth, as each server downloads the updates directly from the internet. In some cases it might therefore be worth considering Microsoft Connected Cache.
Another relevant aspect is the cost associated with Azure Update Manager for servers managed through Azure Arc. While the service is free for systems hosted on Azure, servers enabled for Azure Arc are priced at around €4,48 per server per month.
However, there are situations where the Azure Update Manager functionality is already covered, for example for machines that are:
- Enabled for Extended Security Updates (ESU).
- Managed through Defender for Servers Plan 2.
- Hosted on Azure Stack HCI, when these machines are enabled for Azure benefits and managed via Azure Arc.
What is Guest Configuration for Azure Arc enabled Servers?
If you are familiar with Azure Policy, you already know the huge possibilities of this tool.
With the help of Arc, you can extend this functionality to your on-premises (or other cloud) servers. There are already over 50 built-in Azure Policies ready to use for Arc-enabled servers. You can assign them like any other Azure Policy, and of course you can track the compliance state.
Under the hood: the Azure Connected Machine Agent
The Azure Connected Machine agent is the core component that connects your external servers to Azure. This agent must be installed on each server you wish to manage through Azure Arc. The agent sends a heartbeat to the Azure platform every 5 minutes; if no heartbeat is received within a specific period, the server is marked as offline. The Azure Connected Machine agent is a combination of four services that run on your server. With the help of these services, your desired configurations, such as extensions, are applied to the VMs.
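A server whose agent has stopped sending heartbeats no longer receives policies, extensions or updates, so the update compliance view described earlier can look healthy while it is actually out of date. The following sketch is an added example, not code from Microsoft or from this post: it triages an exported inventory for such blind spots. The records are constructed; `status` and `lastStatusChange` mirror properties of an Arc-enabled server resource, while `lastAssessment` and the 7-day threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (not real machines).
SAMPLE = [
    {"name": "srv-app01", "status": "Connected",
     "lastStatusChange": "2024-10-01T08:00:00Z", "lastAssessment": "2024-10-14T02:00:00Z"},
    {"name": "srv-db02", "status": "Disconnected",
     "lastStatusChange": "2024-10-09T17:30:00Z", "lastAssessment": "2024-10-09T02:00:00Z"},
    {"name": "srv-web03", "status": "Connected",
     "lastStatusChange": "2024-09-20T11:00:00Z", "lastAssessment": "2024-10-02T02:00:00Z"},
    {"name": "srv-old04", "status": "Expired",
     "lastStatusChange": "2024-07-01T00:00:00Z", "lastAssessment": None},
]
NOW = datetime(2024, 10, 14, 12, 0, tzinfo=timezone.utc)  # fixed so the run is repeatable


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; missing values stay None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def blind_spots(machines, now, max_assessment_age=timedelta(days=7)):
    """Return (name, reason, age) for machines whose compliance data cannot be trusted."""
    findings = []
    for m in machines:
        status = (m.get("status") or "unknown").lower()
        changed = parse_ts(m.get("lastStatusChange"))
        assessed = parse_ts(m.get("lastAssessment"))
        if status != "connected":
            # No heartbeat: nothing is being enforced or assessed on this server.
            findings.append((m["name"], "agent " + status, now - changed if changed else None))
        elif assessed is None or now - assessed > max_assessment_age:
            # Agent is alive, but the update assessment is older than the allowed age.
            findings.append((m["name"], "assessment stale", now - assessed if assessed else None))
    # Longest-unmanaged first; an unknown age is treated as the worst case.
    findings.sort(key=lambda f: f[2] or timedelta.max, reverse=True)
    return findings


if __name__ == "__main__":
    for name, reason, age in blind_spots(SAMPLE, NOW):
        print(f"{name:10} {reason:20} {age}")
```
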
Conclusion:
Azure Arc is vital because it enables centralized management and governance of your entire IT infrastructure—whether on-premises, multi-cloud, or at the edge—using familiar Azure tools. By unifying operations, enhancing security and compliance, and allowing consistent deployment across diverse environments, Azure Arc simplifies complexity and is a strategic solution worth considering for modern IT management.
In this post I only talked about 2 features of Azure Arc, but there is a lot more it can do for you.
You receive some base functionality at no extra cost, but it is important to consider that the more comprehensive features come with some extra costs.