PaaS Azure ARC

Azure Arc Unleashed: A Journey into Hybrid Cloud Management - Part 1 of 5

Azure Arc, the overview

Welcome to the first installment of our five-part series exploring Azure Arc, Microsoft’s innovative solution for seamless hybrid and multi-cloud management. In this series, we’ll dive deep into how Azure Arc can transform your infrastructure management, starting with an introduction to its features, use cases, and pricing. Plus, we’ll walk through onboarding a Windows virtual machine using a PowerShell script. Let’s embark on this journey!

Introduction to Azure Arc

In today’s dynamic IT landscape, organizations often juggle resources across on-premises datacenters, multiple clouds, and edge environments. Azure Arc bridges these diverse infrastructures, extending Azure management and services to any environment. It enables you to manage and govern workloads consistently, regardless of where they run.

Key Features

  • Unified Management: Manage Windows and Linux servers, Kubernetes clusters, and applications from a single pane of glass.
  • Azure Services Anywhere: Deploy Azure data services on-premises, at the edge, or in multi-cloud environments.
  • Consistent Deployment: Use infrastructure-as-code tools like ARM templates, Terraform, or Pulumi for consistent deployments.
  • Enhanced Security and Compliance: Apply Azure policies and role-based access control (RBAC) universally across your resources.
  • Automation and DevOps Integration: Integrate with CI/CD pipelines and utilize GitOps for Kubernetes configurations.

Use Cases

  • Hybrid Server Management: Centrally manage servers across on-premises, Azure, and other cloud providers.
  • Kubernetes Management: Govern Kubernetes clusters anywhere using Azure tools and services.
  • Data Services Deployment: Run Azure SQL Managed Instance and PostgreSQL Hyperscale on any infrastructure.
  • Governance and Compliance: Enforce organizational standards and assess compliance at scale.
  • Edge Computing: Extend cloud capabilities to edge devices for low-latency scenarios.

Pricing Overview

Azure Arc offers flexible pricing based on the resources and services you use:

  • Servers:
    • Azure Arc-enabled Servers: No additional cost for projecting on-premises or other cloud servers into Azure. Charges apply if you enable additional Azure services like Defender for Cloud.
  • Kubernetes Clusters:
    • Azure Arc-enabled Kubernetes: Connecting and inventorying clusters is free. Charges apply when onboarding to Azure Monitor or Azure Policy.
  • Data Services:
    • Azure Arc-enabled Data Services: Billed on a usage-based model, similar to their Azure counterparts, based on vCore consumption.

For detailed and up-to-date pricing information, visit the Azure Arc pricing page.

Onboarding a Windows Virtual Machine Using PowerShell

Bringing your existing Windows VMs under Azure Arc management is straightforward. Here’s how you can onboard a Windows virtual machine using a PowerShell script.

Prerequisites

  • Azure Account: An active Azure subscription.
  • Azure CLI: Installed on your local machine.
  • PowerShell: Version 5.1 or higher on the Windows VM.
  • Network Access: Outbound connectivity to Azure services (HTTPS port 443).

Installation Guide

1. Register Resource Providers

Ensure the necessary resource providers are registered in your Azure subscription:

1
2
3
4
5
6

# Log in to Azure
Connect-AzAccount

# Register providers
Register-AzResourceProvider -ProviderNamespace "Microsoft.HybridCompute"
Register-AzResourceProvider -ProviderNamespace "Microsoft.GuestConfiguration"

2. Create the Azure ARC Resource Group and prepare the script for download

  • In Azure Portal Search for Azure ARC in the search bar
  • From the overview page click “Add resources”
  • On the next page click “Add/Create” within the block labelled “Machines” and then click “Add a machine”
  • On the new page that has appeared click “Generate script” in the block labelled “Add a single server”
  • Now we are preparing the automated script, you fill in these prompts
    • Subscription
    • Resource Group
    • Region
    • Operating System (this example we are using windows)
    • SQL Server: Connect SQL Server (if your VM has a SQL Instance this will allow ARC to access it)
    • Connectivity Method: Public (This means Azure ARC Agent will communicate over the internet, you can also use a proxy or private endpoint if your environment has these requirements)
  • Now click on “Next”
  • You can setup specific Physical Location Tags which help you to group your resources within ARC before clicking “Next”
  • ARC has now generated a token code and a script which you can extract some key variables and move to the next step (or just copy the script from the portal)

3. Install the Azure Connected Machine Agent

On the Windows VM you wish to onboard:

1
2
3
4
5

# Download the agent installer
Invoke-WebRequest -Uri "https://aka.ms/AzureConnectedMachineAgent" -OutFile "AzureConnectedMachineAgent.msi"

# Install the agent silently
Start-Process msiexec.exe -Wait -ArgumentList '/I AzureConnectedMachineAgent.msi /qn'
  1. Connect the VM to Azure Arc by completing the below in a PowerShell window opened as Administrator
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

# Set the context to your subscription
Set-AzContext -Subscription "SubscriptionName"

# Execute the onboarding
try {
    $env:SUBSCRIPTION_ID = $(Get-AzContext).Subscription.Id;
    $env:RESOURCE_GROUP = "YourResourceGroupName"; # Make sure you update this to the resource group you want your Arc endpoints to be added to
    $env:TENANT_ID = $(Get-AzContext).Tenant.id;
    $env:LOCATION = $(Get-AzResourceGroup -Name $env:RESOURCE_GROUP).Location;
    $env:AUTH_TYPE = "token";
    $env:CORRELATION_ID = ""; # Make sure you get this from the previous step
    $env:CLOUD = "AzureCloud";

    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072;
    Invoke-WebRequest -UseBasicParsing -Uri "https://gbl.his.arc.azure.com/azcmagent-windows" -TimeoutSec 30 -OutFile "$env:TEMP\install_windows_azcmagent.ps1";
    & "$env:TEMP\install_windows_azcmagent.ps1";
    if ($LASTEXITCODE -ne 0) { exit 1; }
    & "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" connect --resource-group "$env:RESOURCE_GROUP" --tenant-id "$env:TENANT_ID" --location "$env:LOCATION" --subscription-id "$env:SUBSCRIPTION_ID" --cloud "$env:CLOUD" --correlation-id "$env:CORRELATION_ID";
}
catch {
    $logBody = @{subscriptionId="$env:SUBSCRIPTION_ID";resourceGroup="$env:RESOURCE_GROUP";tenantId="$env:TENANT_ID";location="$env:LOCATION";correlationId="$env:CORRELATION_ID";authType="$env:AUTH_TYPE";operation="onboarding";messageType=$_.FullyQualifiedErrorId;message="$_";};
    Invoke-WebRequest -UseBasicParsing -Uri "https://gbl.his.arc.azure.com/log" -Method "PUT" -Body ($logBody | ConvertTo-Json) | out-null;
    Write-Host  -ForegroundColor red $_.Exception;
}

4. Verify the Connection

In the Azure portal:

  • Navigate to Azure Arc > Servers.
  • Confirm that your Windows VM appears in the list of Arc-enabled servers.

Tips

  • Automation: Incorporate this script into your deployment pipelines for automated onboarding.
  • Tags and Organization: Use tags to organize resources and simplify management.
  • Policies: Apply Azure Policies for governance and compliance across your Arc-enabled servers.

Conclusion

Azure Arc empowers organizations to harness the power of Azure management and services across diverse environments. By unifying operations, enhancing security, and simplifying governance, Azure Arc is redefining hybrid cloud management. Onboarding your Windows virtual machines is a significant first step toward a more streamlined and efficient infrastructure.

Learn More

Enhance your understanding with these Microsoft Learn resources: