Onboard Azure Arc at scale during server build


I think I've got a fairly good handle on Azure Arc having read many documents and a few blogs. I like what I see and the potential to deliver many of the benefits of cloud to our datacentres as we move forward with hybrid.


In terms of deployment I'm still unsure if a method exists for incorporating automatic onboarding as part of new server build from an IaC approach. The use of non-interactive deployment at scale can be achieved via the creation of a Service Principal but a service principal requires authentication and leaves the problem of handling secrets during server build as well as periodic secret rotation.

How are others addressing this problem?


Paul
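As an added example (not code from this thread or Microsoft's generated onboarding script), a PowerShell build step that performs the non-interactive service-principal connect described above and limits how long the secret lives in the clear. It assumes the Connected Machine agent is already installed, that the provisioning tool injects the secret as a SecureString parameter, and that the tenant, subscription, resource group and location values are placeholders supplied by the pipeline.

```powershell
# Added example: non-interactive Azure Arc onboarding as a server-build step.
# Assumes azcmagent is already installed and the build system injects the
# service principal secret as a SecureString (values below are placeholders).
param(
    [Parameter(Mandatory)][string]$TenantId,
    [Parameter(Mandatory)][string]$SubscriptionId,
    [Parameter(Mandatory)][string]$ResourceGroup,
    [Parameter(Mandatory)][string]$Location,
    [Parameter(Mandatory)][string]$ServicePrincipalId,
    [Parameter(Mandatory)][SecureString]$ServicePrincipalSecret
)

$agent = Join-Path $env:ProgramW6432 'AzureConnectedMachineAgent\azcmagent.exe'
if (-not (Test-Path $agent)) { throw "azcmagent not found at $agent" }

# Idempotency: a re-imaged or re-run build may already be connected; skip rather than fail.
$status = & $agent show 2>$null
if ($status -match 'Agent Status\s*:\s*Connected') {
    Write-Output 'Machine is already connected to Azure Arc; nothing to do.'
    return
}

# Decrypt the secret only for the duration of the connect call, then zero the buffer.
# The value is still passed as a process argument, so it is visible in the process
# list while azcmagent runs; keep build-host transcripts off for this step.
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($ServicePrincipalSecret)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    & $agent connect `
        --service-principal-id $ServicePrincipalId `
        --service-principal-secret $plain `
        --tenant-id $TenantId `
        --subscription-id $SubscriptionId `
        --resource-group $ResourceGroup `
        --location $Location `
        --tags 'onboarding=build-pipeline'
    $exitCode = $LASTEXITCODE
}
finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    Remove-Variable plain -ErrorAction SilentlyContinue
}

if ($exitCode -ne 0) { throw "azcmagent connect failed with exit code $exitCode" }
Write-Output 'Azure Arc onboarding completed.'
```

The service principal this script uses should be granted only the Azure Connected Machine Onboarding role on the target resource group, and the pipeline that injects the secret is where rotation has to be handled.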

2 Replies

Thank you @Paul Bendall, a valid question. 


Are you referring to something like a managed identity-based solution? 


Lior

@liorkamrat I guess two parts to my question:

  1. How are organisations doing this today based on the technology that is currently available?
  2. Is this something that will be improved going forward?

None of the onboarding solutions described in the Arc documents that I have discovered so far provides a non-interactive, elegant solution.


I'm aware that once Arc is deployed then you can use Managed Identities but that is kind of chicken and egg.

I see the problem as how does Azure (probably more accurately Azure AD) authenticate a new on-prem device to register with Arc? My feeling is either use certificates issued by on-prem AD CS, or a type of hybrid join for servers whereby new servers are projected into Azure AD using Azure AD Connect.

Paul