Forum Discussion
Azure Arc Gateway and Azure Arc Proxy
Hi,
I had an internal discussion regarding the purpose of the Azure Proxy.
Can the Azure Arc Proxy
A) take over the communication of other VMs, servers or Arc Agents that cannot access the internet. In other words, the Arc Proxy is a proxy for other Arc Agents on other servers.
B) or does the Azure Arc Proxy only serve as a proxy on the VM itself for the extensions installed on the same machine, thus simplifying communication of the individual servers over an enterprise proxy server and reducing the URLs that need to be whitlisted.
I think the graphic can be misinterpreted
https://learn.microsoft.com/en-us/azure/azure-arc/servers/arc-gateway?tabs=portal
I would be grateful for a brief confirmation and clarification.
Many thanks in advance
See my comment on below:
A) Proxy for Other Arc Agents
- No, the Azure Arc Proxy does not act as a proxy for other VMs, servers, or Arc Agents on other machines. It is designed to work locally on the machine where it is installed.
B) Proxy for Extensions on the Same Machine
- Yes, the Azure Arc Proxy simplifies communication for extensions installed on the same machine. It reduces the number of URLs that need to be whitelisted in enterprise environments, ensuring secure and streamlined connectivity.
2 Replies
🔹 Public Endpoint Options – 4 Scenarios
- Proxy without Azure Arc Gateway – Suitable for environments with enterprise proxies and no direct internet access. However, managing URL whitelists can be a burden.
- Proxy with Azure Arc Gateway – Adds flexibility and centralizes traffic, but still requires proxy configuration.
- Azure Arc Gateway without Proxy – Ideal for environments that can route traffic directly through the gateway.
- Direct Connection – Simplest setup, best for modern environments with full internet access and Zero Trust architecture.
If you want to understand my view on this there are details, architectural diagrams and recommendations based: https://hartiga.de/azure/best-connection-to-azure-arc-enable-a-server/See my comment on below:
A) Proxy for Other Arc Agents
- No, the Azure Arc Proxy does not act as a proxy for other VMs, servers, or Arc Agents on other machines. It is designed to work locally on the machine where it is installed.
B) Proxy for Extensions on the Same Machine
- Yes, the Azure Arc Proxy simplifies communication for extensions installed on the same machine. It reduces the number of URLs that need to be whitelisted in enterprise environments, ensuring secure and streamlined connectivity.
