In this blog post, we are going to have a look at Azure Arc for IT Pros. Azure Arc allows you to extend Azure management and Azure services to anywhere, meaning that you can manage and govern resources running across hybrid and multicloud environments, and bring services such as Azure SQL Database and Azure PostgreSQL Hyperscale to your on-premises datacenter, edge location, or other cloud providers. Since Azure Arc can help in many different scenarios, I wanted to summarize how IT Pros, IT Administrators, and IT Operators can take advantage of Azure Arc.
Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform. Azure Arc enables you to manage your entire environment, with a single pane of glass, by projecting your existing resources into Azure Resource Manager. You can now manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure. Regardless of where they live, you can use familiar Azure services and management capabilities. Azure Arc enables you to continue using traditional ITOps, while introducing DevOps practices to support new cloud-native patterns in your environment.
Azure Arc Management Overview
This provides you with a single control plane for your hybrid and multicloud environment.
Azure Arc for IT Pros
Let’s have a look at some key Azure Arc scenarios for IT Pros.
Use the Azure Portal to gain central visibility
In hybrid and multicloud environments, it can be difficult for IT Pros to get a central view of all the resources they need to manage. Some of these resources are running in Azure, some on-premises, at branch offices, or even at other cloud providers. By connecting resources to Azure Resource Manager using Azure Arc, IT Pros can centrally manage a wide range of resources, including Windows and Linux servers, SQL Server, Kubernetes clusters, and Azure services running in Azure and outside of Azure.
Azure Arc and Azure resources in the Azure Portal
Organization and Inventory
The single control plane using Azure Resource Manager lets you organize and inventory assets through a variety of Azure scopes, such as management groups, subscriptions, resource groups, and tags.
Azure Arc Tagging
Azure Resource Graph
Establish central visibility in the Azure portal and enable multi-environment search with Azure Resource Graph. This allows you to run queries against Azure Resource Graph and provides you with a centralized view of all your resources running in Azure and outside of Azure.
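As an added example (not part of the original post), the following Resource Graph query lists native Azure VMs and Azure Arc-enabled servers in one result set and flags Arc machines whose agent is not connected, since a disconnected machine no longer reports to the Azure management services described below. The `properties.*` names follow the Arc-enabled servers resource schema; the column names `hosting` and `needsAttention` are chosen for this example.

```kusto
// Added example: one inventory of Azure VMs and Azure Arc-enabled servers.
Resources
| where type in~ ('microsoft.compute/virtualmachines', 'microsoft.hybridcompute/machines')
| extend isArc = type =~ 'microsoft.hybridcompute/machines'
| extend hosting = iff(isArc, 'Azure Arc (outside Azure)', 'Azure VM')
// Agent details exist only on Arc machines; these columns stay empty for Azure VMs.
| extend agentStatus = tostring(properties.status),
         agentVersion = tostring(properties.agentVersion),
         lastStatusChange = todatetime(properties.lastStatusChange)
// The OS is stored in a different place for each resource type.
| extend os = iff(isArc,
                  tostring(properties.osName),
                  tostring(properties.storageProfile.osDisk.osType))
// An Arc machine that is not 'Connected' is projected into Azure but not
// currently reachable for updates, monitoring or policy evaluation.
| extend needsAttention = isArc and agentStatus != 'Connected'
| project name, hosting, os, location, resourceGroup, subscriptionId,
          agentStatus, agentVersion, lastStatusChange, needsAttention, tags
| order by needsAttention desc, hosting asc, name asc
```

The query can be pasted into Resource Graph Explorer in the Azure portal; results are limited to the subscriptions the signed-in identity can read.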
As an IT Pro, you want to make sure that only people who need access can access these systems. You can delegate access and manage security policies for resources using role-based access control (RBAC) in Azure. With Azure Arc enabled servers, we are seeing customers removing the local access for administrators and only providing them access to the system in the Azure portal using Azure Arc and Azure Management services. If you run in multiple environments and tenants, Azure Arc also integrates perfectly with Azure Lighthouse. Azure Lighthouse is especially interesting for managed services providers.
Role-based Access Control
One of the major tasks of IT Pros is to make sure that all the systems have the latest updates and patches installed. Often, customers spend hours orchestrating or deploying patches, or building automation for their patch management. With Update Management, you can manage operating system updates for your Windows and Linux servers. It allows you to schedule and automate patching for your servers.
You do not just want to manage your systems; you also want to monitor them and make sure that you get alerted in case anything happens that disrupts your environment and applications. You can monitor your Kubernetes clusters and containers, as well as Linux and Windows servers. Azure Monitor lets you monitor guest operating system performance and, using VM insights, discover application components to monitor their processes and their dependencies on other resources the application communicates with.
Log collection and analytics
Log collection and analytics can be very helpful to an IT Pro in many ways. With Azure Log Analytics you can collect, sort, filter, and analyze your logs centrally.
Change Tracking and Inventory
With change tracking and inventory, you can get an overview of the changes happening in your environment and get an inventory of software installed on your Windows and Linux servers.
You might have managed certificates on your servers using Active Directory and Group Policies for your local environment. In hybrid cloud or multicloud environments, servers are often not even domain joined. That can make managing certificates a challenge. With a combination of the Azure AD Managed Identity assigned by the Azure Arc agent and Azure Key Vault, you can easily and securely deploy and manage certificates to your Windows and Linux servers.
Running Scripts against servers
As an IT Pro you might need to build some automation or just simply run a script against your server. Using Azure VM extensions for your non-Azure Windows or Linux machine you can simply use the Custom Script Extension to deploy software on your servers or make configuration changes.
Get compliance state
As an IT Pro, you want to know if your servers or Kubernetes clusters are compliant with the company policies. Or you may even be in charge of making sure that all your systems are configured correctly and securely. This is where Azure Policy Guest Configuration on your Azure Arc enabled servers can help you to make sure that everything is compliant.
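As an added example (not part of the original post), this Resource Graph query summarizes Azure Policy compliance per Azure Arc-enabled server, so the machines with the most failed policy evaluations appear first. It reads the policy states that Azure Policy publishes in the `PolicyResources` table; the output column names are chosen for this example.

```kusto
// Added example: Azure Policy compliance state per Azure Arc-enabled server.
PolicyResources
| where type =~ 'microsoft.policyinsights/policystates'
// Keep only states evaluated against Arc-enabled servers.
| where tostring(properties.resourceType) =~ 'microsoft.hybridcompute/machines'
| extend machineId = tolower(tostring(properties.resourceId)),
         complianceState = tostring(properties.complianceState)
// One row per machine: how many policy evaluations it has and how many fail.
| summarize evaluatedPolicies = count(),
            nonCompliantPolicies = countif(complianceState =~ 'NonCompliant')
            by machineId
| extend compliant = nonCompliantPolicies == 0
| order by nonCompliantPolicies desc, machineId asc
```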
Manage your Azure Stack HCI
Azure Stack HCI is a new hyperconverged infrastructure (HCI) operating system delivered as an Azure service that provides the latest security, performance, and feature updates. Azure Stack HCI has Azure Arc built in and can be managed through the Azure Portal.
Azure Stack HCI Native Integration into Microsoft Azure
- Learn more about Arc enabled servers, see the following overview
- Learn more about Arc enabled Kubernetes, see the following overview
- Learn more about Arc enabled data services, see the following overview
- Experience Arc enabled services from the Jumpstart proof of concept
Also, check out my video on how to manage your hybrid cloud using Azure Arc on Microsoft Channel 9.
Azure Arc enables IT Professionals such as IT Administrators, Operators, Engineers, and more with the right tooling to manage and operate hybrid and multicloud resources such as Windows and Linux servers, Kubernetes clusters, and other resources. If you have any questions, feel free to leave a comment below.
This blog is part of Azure Week. Check it out for more great content!
About the Author:
My name is Thomas Maurer. I am a Senior Cloud Advocate at Microsoft. I am part of the Azure engineering team and engage with the community and customers around the world. I am located in Switzerland. I am focusing on Microsoft technologies, especially cloud and datacenter solutions based on Microsoft Azure, Azure Stack and Windows Server.
Maurer, T. (2021). Azure Arc for IT Pros. Available at: https://techcommunity.microsoft.com/t5/itops-talk-blog/azure-arc-for-it-pros/ba-p/2347921 [Accessed: 8th July 2021].