Forum Discussion
Paul Bendall
Aug 23, 2021, Iron Contributor
Onboard Azure Arc at scale during server build
I think I've got a fairly good handle on Azure Arc having read many documents and a few blogs. I like what I see and the potential to deliver many of the benefits of cloud to our datacentres as we move forward with hybrid.
In terms of deployment I'm still unsure if a method exists for incorporating automatic onboarding as part of new server build from an IaC approach. The use of non-interactive deployment at scale can be achieved via the creation of a Service Principal but a service principal requires authentication and leaves the problem of handling secrets during server build as well as periodic secret rotation.
How are others addressing this problem?
MT
Paul
2 Replies
- liorkamrat, Microsoft
Thank you, Paul Bendall, a valid question.
Are you referring to something like a managed identity-based solution?
Lior
- Paul Bendall, Iron Contributor
liorkamrat I guess two parts to my question:
- How are organisations doing this today based on the technology that is currently available?
- Is this something that will be improved going forward?
None of the onboarding solutions described in the Arc documents that I have discovered so far provides a non-interactive, elegant solution.
I'm aware that once Arc is deployed then you can use Managed Identities but that is kind of chicken and egg.
I see the problem as how Azure (probably more accurately Azure AD) authenticates a new on-prem device to register with Arc. My feeling is either to use certificates issued by on-prem AD CS, or a type of hybrid join for servers whereby new servers are projected into Azure AD using Azure AD Connect.
Paul