Blog Post

ITOps Talk Blog
5 MIN READ

Azure Arc for IT Pros

thomasmaurer's avatar
thomasmaurer
Icon for Microsoft rankMicrosoft
May 12, 2021

In this blog post, we are going to have a look at Azure Arc for IT Pros. Azure Arc allows you to extend Azure management and Azure services to anywhere. Meaning that you can manage and govern resources running across hybrid and multicloud environments, and bring services such as Azure SQL Database and Azure PostgreSQL Hyperscale to your on-premise datacenter, edge location, or other cloud providers. Since Azure Arc can help in many different scenarios. I wanted to summarize how IT Pros, IT Administrators, IT Operators can take advantage of Azure Arc.

 

Azure Arc

Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform. Azure Arc enables you to manage your entire environment, with a single pane of glass, by projecting your existing resources into Azure Resource Manager. You can now manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure. Regardless of where they live, you can use familiar Azure services and management capabilities. Azure Arc enables you to continue using traditional ITOps, while introducing DevOps practices to support new cloud-native patterns in your environment.

Azure Arc Management Overview

This provides you with a single control plane for your hybrid and multicloud environment.

 

Azure Arc for IT Pros

Let's have a look at some key Azure Arc scenarios for IT Pros.

 

Use the Azure Portal to gain central visibility

In hybrid and multicloud environments, it can be difficult for IT Pros to get a central view of all the resources they need to manage. Some of these resources are running in Azure, some on-premsies, at branch offices, or even at other cloud providers. By connecting resources to the Azure Resource Manager using Azure Arc, IT Pro can centrally manage a wide range of resources including Windows and Linux servers, SQL server, Kubernetes clusters, and Azure services running in Azure and outside of Azure.

Azure Arc and Azure resources in the Azure Portal

Organization and Inventory

The single control plane using Azure Resource Manager lets you organize and inventory assets through a variety of Azure scopes, such as management groups, subscriptions, resource groups, and tags.

Azure Arc Tagging

 

Azure Resource Graph

Establish central visibility in the Azure portal and enable multi-environment search with Azure Resource Graph. This allows you to run queries against the Azure resource graph and provide you with a centralized view of all your resources running in Azure and outside of Azure.

 

Manage Access

As an IT Pro you want to make sure that only people who need to have access can access to these systems. You can delegate access and manage security policies for resources using role-based access control (RBAC) in Azure. With Azure Arc enabled servers, we are seeing customers removing the local access for administrators and only provide them access to the system in the Azure portal using Azure Arc and Azure Management services. If you run in multiple environments and tenants, Azure Arc also integrated perfectly in Azure Lighthouse. Azure Lighthouse is especially interesting for managed services providers.

Role-based Access Control

 

Update Management

One of the major tasks of IT Pros is to make sure that all the systems have the latest updates and patches installed. Often customer spend hours in orchestrating or deploying patched or building automation for their patch management. With Update Management you can manage operating system updates for your Windows and Linux servers. It allows you to schedule and automate patching for your servers.

Update Management

 

Monitoring

You do not just want to manage your systems; you also want to monitor them and make sure that you get alerted in case anything is happening which you disrupted your environment and applications. You can monitor your Kubernetes clusters and containers, Linux, and Windows Servers. Azure Monitor provides you with monitoring guest operating system performance and discover application components to monitor their processes and dependencies with other resources the application communicates using VM insights.

Monitoring

 

Log collection and analytics

Log collection and analytics can be very helpful to an IT Pro in many ways. With Azure Log Analytics you can collect, sort, filter, and analyze your logs centrally.

 

Change Tracking and Inventory

With change tracking and inventory, you can get an overview about the changes happening in your environment and get an inventory of software installed on your Windows and Linux servers.

Change Tracking and Inventory

 

Certificate Management

You might have managed certificates on your servers using Active Directory and Group Policies for your local environment. In hybrid cloud or mutlicloud environments, servers are often not even domain joined. That can make managing certificates a challenge. With a combination of the Azure AD Managed Identity assigned by the Azure Arc agent and Azure Key Vault you can easily and securely deploy and manage certificates to your Windows and Linux servers.

 

Security

Making sure that your servers and Kubernetes clusters are secured is often a challenging task, especially in a hybrid or multicloud environment. With Azure Security Center you get threat detection and proactively monitor for potential security threats for your Azure Arc resources. It allows you to deploy Azure Defender for servers and Azure Defender for Kubernetes to your hybrid and multicloud resources.

Security Center

 

Running Scripts against servers

As an IT Pro you might need to build some automation or just simply run a script against your server. Using Azure VM extensions for your non-Azure Windows or Linux machine you can simply use the Custom Script Extension to deploy software on your servers or make configuration changes.

 

Get compliance state

As an IT Pro you want to know if your servers or Kubernetes clusters are compliant with the company policies. Or you are even in charge to make sure that all your systems are configured correctly and secure. This is where Azure Policy Guest Configuration on your Azure Arc enabled servers can help you to make sure that everything is compliant.

Azure Policy

Manage your Azure Stack HCI

Azure Stack HCI is a new hyperconverged infrastructure (HCI) operating system delivered as an Azure service that provides the latest security, performance, and feature updates. Azure Stack HCI has Azure Arc build-in and can be managed through the Azure Portal.

Azure Stack HCI Native Integration in to Microsoft Azure

 

Next steps

  • Learn more about Arc enabled servers, see the following overview

  • Learn more about Arc enabled Kubernetes, see the following overview

  • Learn more about Arc enabled data services, see the following overview

  • Experience Arc enabled services from the Jumpstart proof of concept

Also, check out my video on how to manage your hybrid cloud using Azure Arc on Microsoft Channel 9.

 

 

Conclusion

Azure Arc enables IT Professionals such as IT Administrators, Operators, Engineers, and more with the right tooling to manage and operate hybrid and multicloud resources such as Windows and Linux servers, Kubernetes clusters, and other resources. If you have any questions, feel free to leave a comment below.

 

Updated May 12, 2021
Version 3.0
  • Azure Arc is AWESOME, and it gets better and better each day. Great overview Thomas! Thanks for posting it!

     

    Happy Azure Stacking!!!

  • gilblumberg's avatar
    gilblumberg
    Iron Contributor

    I’ve been looking for info about Arc, and this is awesome. Thank you for sharing/writing it up!

  • LotharMueller's avatar
    LotharMueller
    Brass Contributor

    Very helpfull post for IT Pros. In the Times of copilot, copilot, copilot a welcome article with possibilities driving basics in an server environment by the Microsoft way and much more in the future.