Latest Discussions
From On-premises Datacenter to Azure Hybrid with Azure Arc for Servers
With Microsoft Azure Arc services you can bring great Azure features to your on-prem datacenters, or to other cloud providers. I wrote a #MVPLABSerie of blog posts about the benefits of Azure Hybrid which I would like to share with the Tech Community:
#MVPLABSerie Azure Hybrid with Arc Enabled Windows Servers on-premises
#MVPLABSerie Azure Arc enabled Servers
#MVPLABSerie Azure Update Management Center (Preview) and Azure Arc enabled Servers
#MVPLABSerie Azure Arc enabled SQL Server Health Assessment
#MVPLABSerie Azure Defender for Cloud with Azure Arc enabled SQL Server
Security Baseline for Azure Arc enabled Servers and Arc Kubernetes
As an IT Specialist of Datacenter(s) and Cloud I really like these Azure hybrid benefits to keep your datacenter up-to-date and secure! Hope this #MVPLABSerie is helpful for you and your Business. Cheers, James
4.2K Views, 6 likes, 0 Comments

Introducing Azure Arc Discussion Space
Azure Arc helps you extend Azure management to any infrastructure and enables deployment of Azure data services anywhere - across on-premises, edge, and multicloud. We created this discussion space for you so that you can discuss Azure Arc enabled servers, Azure Arc enabled Kubernetes, Azure Arc enabled SQL Server, and Azure Arc enabled data services, and also ask questions of us. You will find the product overview of Azure Arc here. Azure Arc documentation can be found here. -Marko
MarkoHotti, Sep 22, 2020, Microsoft, 1.3K Views, 4 likes, 0 Comments

Aaida_Aboobakkar, Feb 10, 2025, Microsoft, 540 Views, 3 likes, 6 Comments
LAB: Azure Arc with Private Endpoint
What is Azure Arc?
Azure Arc is a set of technologies that extends Azure management and enables Azure services to run across on-premises, multi-cloud, and edge environments. It allows you to manage resources such as servers, Kubernetes clusters, databases, and applications running outside Azure using familiar Azure tools and services like Azure Policy, Azure Monitor, and Defender for Cloud. With Azure Arc, you can bring these resources into Azure's control plane, standardize operations, and apply consistent security and governance across your entire IT landscape. This simplifies hybrid and multi-cloud management while leveraging Azure's features, making it easier to innovate and maintain control over your infrastructure.

What is Azure Private Endpoint?
Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. By using a private IP address from your virtual network, the private endpoint brings the service into your virtual network, ensuring that traffic between your virtual network and the service remains private. This setup eliminates exposure from the public internet, enhancing security. Private endpoints can be used with various Azure services, such as Azure Storage, Azure SQL Database, and Azure Cosmos DB. They provide secure connectivity between clients on your virtual network and the service, using the same connection strings and authorization mechanisms as public endpoints.

What are the benefits of configuring Private Link for your Arc machines?
Enabling Azure Arc for your machines involves several network and system requirements. Organizations are sometimes concerned about allowing certain public endpoints through their firewall and proxy. In this context, Private Endpoints can be used to ensure that some connections to Azure remain within the Microsoft backbone network.
While this service does not eliminate the need for internet connectivity entirely (you will still need to allow public access for Microsoft Entra ID and Azure Resource Manager servers), this method significantly reduces the challenge of IP/FQDN whitelisting for internet access. When you create private endpoints in a virtual network for Azure Arc, it will create a resource with Azure Hybrid Compute as the target. Additionally, it will create several private DNS zones and assign them to the private endpoint. The private endpoint will have IPs assigned from the specified virtual network address range. See the screenshot below. These IPs are now directly linked to Azure Arc services, enabling private connectivity through Azure.

LAB Architectural Diagram

LAB Pre-requisites
- An on-premises machine. (Internet traffic can be directed through a firewall or proxy for security.)
- On-premises DNS
- An Azure subscription
- VPN/ExpressRoute connection between on-premises and Azure infrastructure
- Understand the limitations and features

The components that will be created as part of the LAB
- A private endpoint which has Hybrid Compute as source point
- Private DNS zones for Azure Arc services
- A private DNS resolver in Azure. Azure DNS doesn't accept DNS queries coming from non-Azure sources; hence you need to configure Azure private DNS zone. You will get a private IP while creating the inbound endpoint for the resolver.
- A DNS forwarder needs to be created in on-premises DNS to the private IP of the Azure private DNS resolver's inbound endpoint
- PowerShell script to onboard the machine
- Azure Arc machine: will be created once the on-premises machine gets connected to Azure Arc

Traffic flow
There are three kinds of traffic flow involved here.
- DNS flow: to resolve the domain names of private endpoints
- Private endpoint flow: actual traffic to Azure Arc services
- Internet flow: traffic to Microsoft Entra ID and Azure Resource Manager control plane

Private endpoint and private DNS flow
Let's suppose the Azure Arc agent initiates traffic to one of the Azure Arc services FQDNs, such as gbl.his.arc.azure.com. On-premises machines need to resolve the FQDN to an IP address, so they send a DNS request to the on-premises DNS server. The DNS forwarder is configured to send *.gbl.his.arc.azure.com DNS queries to the Private DNS resolver configured in Azure. The Private DNS resolver receives the DNS query and resolves it, as these domains are already linked to the virtual network where the resolver resides. Once the on-premises DNS server receives the IP resolution from the Azure DNS resolver, it sends it back to the on-premises machine. Now that the on-premises machine has the IP (private IP), it sends the actual traffic to the IP of the private endpoint. The private endpoint receives the traffic, and since this interface is directly linked to the Azure Arc services (the intended destination), the connectivity is successfully established.

Steps:
- Generate the onboarding script. The private endpoint can be created while generating the script itself. Go to Azure Arc --> Machines --> Create. You can select the option which best suits you; I am selecting Add multiple servers.
- Provide Resource Group, Region, and OS details.
- Create the private endpoint using the option provided. Provide the virtual network and subnet for the private endpoint.
- Provide or create a new service principal. Note the secret of the service principal.
- Go to the Download and run script section. You can copy the script and run it directly, or you can download the script and run it. Please do not forget to update the service principal secret in the script.
- You can verify the resources created as part of the private endpoint: there will be three private DNS zones created, and a private endpoint resource will be created with Hybrid Compute as the target resource.
- Create a private DNS resolver and an inbound endpoint in it. Provide the necessary details, add the inbound endpoint and click Create. Note the private IP of the inbound endpoint, which is needed to specify the DNS forwarder on-premises.
- Configure the DNS forwarder in on-premises DNS. Add all three private DNS zone domains.
- Bypass the private DNS zone domains. (This step is required if you have an internet proxy in your infrastructure.)
- Now you are all set to deploy the script generated for onboarding.
- Now you can see the onboarded machine in the Azure Arc portal.
Aaida_Aboobakkar, Feb 07, 2025, Microsoft, 974 Views, 3 likes, 2 Comments

Azure Local - Design the infrastructure - some bad design choices I have stumbled on
Hi. I wanted to share my latest blog article where I touch on some of the bad design choices I have stumbled on when working with customers' existing Azure Local deployments that broke down or in other ways behaved with poor performance or disruptions. https://www.chkja.dk/2025/07/16/azure-local-design-the-infrastructure/ I hope to inspire, and feel free to share your knowledge here in the thread :)
Chris_toffer0707, Jul 16, 2025, Iron Contributor, 117 Views, 2 likes, 1 Comment

Azure Arc - State Configuration (DSC)
Please confirm my understanding: onboarding an on-prem server to Azure Arc does not automatically enable State Configuration? Additional steps are required to onboard the Azure Arc node for State Configuration (DSC) in an Automation account. If this is the case, then the creation of an Automation account, onboarding the on-prem server to State Configuration and deploying the Connected Machine agent (Azure Arc) may be preferable to reduce the number of times the on-prem server needs to be configured interactively or via PowerShell (either local or remote)?
Solved. Paul Bendall, Jul 22, 2021, Iron Contributor, 5.5K Views, 2 likes, 5 Comments

Update servers with Arc, but leave SCCM installed
We have multiple servers that we want to update with Arc instead of SCCM. We want to leave SCCM installed for reporting purposes. We found a few registry keys that point to the on-prem SCCM server. I've tried removing them, but they are reinstalled by the client after a reboot. Is there a clean way to disable this feature so that Arc handles all the monthly updates?
jmaraviglia, Jun 11, 2025, Copper Contributor, 84 Views, 1 like, 1 Comment

Learning Azure with Ofek – Azure Arc
Azure Arc is a solution that simplifies hybrid environment management, and it's free. Azure Arc allows you to manage and govern on-premises resources and resources from other clouds like AWS and GCP directly within your Azure environment. You can connect physical servers, virtual machines, Kubernetes clusters, and SQL Servers, and manage them as if they were native Azure resources. Azure Arc extends Azure capabilities to your on-premises and multi-cloud environments. It enables you to deploy services like Azure Policy, Defender for Cloud, and Azure Monitor easily across environments. You can also centrally manage SQL Server with performance assessments, cloud backups, Azure authentication, and pay-as-you-go licensing. The big advantage is unified management of policies, security, updates, and monitoring from the same Azure interface. From my experience, Azure Arc is ideal for organizations operating in hybrid environments or those still in transition to the cloud. Feel free to reach out for any questions.
118 Views, 1 like, 1 Comment

Azure Arc Gateway and Azure Arc Proxy
Hi, I had an internal discussion regarding the purpose of the Azure Proxy. Can the Azure Arc Proxy A) take over the communication of other VMs, servers or Arc Agents that cannot access the internet? In other words, is the Arc Proxy a proxy for other Arc Agents on other servers? B) Or does the Azure Arc Proxy only serve as a proxy on the VM itself for the extensions installed on the same machine, thus simplifying communication of the individual servers over an enterprise proxy server and reducing the URLs that need to be whitelisted? I think the graphic can be misinterpreted: https://learn.microsoft.com/en-us/azure/azure-arc/servers/arc-gateway?tabs=portal I would be grateful for a brief confirmation and clarification. Many thanks in advance.
Solved. jbi, Apr 01, 2025, Copper Contributor, 233 Views, 1 like, 2 Comments

Can't install Azure Arc on multiple Server 2025 devices
I have multiple Server 2025 devices where, when I click the "Launch Azure Arc Setup" button on the taskbar icon or "Azure Arc Setup" on the Start menu, nothing happens. I then tried to download arcsetup.exe and it never advanced beyond the "initializing Windows Installer" screen. I got it to work on one server, and 4-5 all have the same problem, both physical and VM. Below are the errors in the event log.
hoyty76, Mar 19, 2025, Iron Contributor, 449 Views, 1 like, 4 Comments