Azure Arc: Manage Resources Anywhere
Azure Arc extends Azure management to any infrastructure. On-premises servers, Kubernetes clusters, SQL instances—managed through the Azure control plane.
Arc-Enabled Services
- Servers: Windows and Linux machines
- Kubernetes: Any conformant K8s cluster
- SQL Server: On-premises SQL instances
- Data Services: Azure SQL MI and PostgreSQL anywhere
Arc-Enabled Servers
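# Download and run the onboarding script
wget https://aka.ms/azcmagent-linux
chmod +x azcmagent-linux
sudo ./azcmagent-linux
# Connect to Azure Arc (once installed, azcmagent is on the PATH and needs root)
# Note: a secret passed as an argument ends up in shell history and process listings
sudo azcmagent connect \
--resource-group myRG \
--location eastus \
--subscription-id {sub-id} \
--tenant-id {tenant-id} \
--service-principal-id {sp-id} \
--service-principal-secret {secret}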
Arc-Enabled Kubernetes
# Install connectedk8s extension
az extension add --name connectedk8s
# Connect cluster
az connectedk8s connect \
--name my-onprem-cluster \
--resource-group myRG \
--location eastus
# Verify connection
az connectedk8s show \
--name my-onprem-cluster \
--resource-group myRG
GitOps with Flux
# Create GitOps configuration
az k8s-configuration flux create \
--name cluster-config \
--cluster-name my-onprem-cluster \
--resource-group myRG \
--cluster-type connectedClusters \
--scope cluster \
--namespace flux-system \
--url https://github.com/myorg/k8s-config \
--branch main \
--kustomization name=infra path=./infrastructure prune=true \
--kustomization name=apps path=./apps prune=true depends_on='["infra"]'
Azure Policy for Arc
# Assign policy to Arc-enabled servers
az policy assignment create \
--name "audit-ssh-posture" \
--policy "audit-linux-ssh-settings" \
--scope "/subscriptions/{sub}/resourceGroups/myRG"
Arc-Enabled SQL Server
# Register SQL Server with Arc
az sql server-arc create \
--name sql-onprem-001 \
--resource-group myRG \
--location eastus \
--license-type Paid \
--cores-limit 8
Benefits:
- Azure Defender for SQL (threat detection)
- Azure Policy guest configurations
- Inventory and assessment
- Best practices recommendations
Arc Data Services
Run Azure data services anywhere:
# Create data controller
az arcdata dc create \
--name arc-dc \
--resource-group myRG \
--location eastus \
--connectivity-mode indirect \
--namespace arc
# Deploy SQL Managed Instance
az sql mi-arc create \
--name sql-mi-arc \
--resource-group myRG \
--location eastus \
--data-controller-name arc-dc \
--cores-limit 4 \
--memory-limit 8Gi
VM Extensions on Arc Servers
# Install Log Analytics agent
az connectedmachine extension create \
--machine-name my-server \
--resource-group myRG \
--name MicrosoftMonitoringAgent \
--type MicrosoftMonitoringAgent \
--publisher Microsoft.EnterpriseCloud.Monitoring \
--settings '{"workspaceId":"xxx"}' \
--protected-settings '{"workspaceKey":"xxx"}'
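Both the `azcmagent connect` call under Arc-Enabled Servers and the extension command above pass a secret as a literal argument, which leaves it in shell history, process listings and any script that gets committed. The lint below is an added example, not part of the original page: `find_inline_secrets` and `FLAGS` are hypothetical names, the sample input is constructed, and a value starting with `@` is assumed to be an Azure CLI file reference.

```shell
#!/bin/sh
# Added example (not from the original page): flag commands that carry a
# secret as a literal argument. FLAGS lists the two secret-bearing flags
# used on this page; find_inline_secrets is a hypothetical helper name.
FLAGS='--service-principal-secret --protected-settings'

# find_inline_secrets FILE
# Prints "START_LINE:FLAG" per finding; returns 1 if anything was found.
find_inline_secrets() {
    awk -v flags="$FLAGS" '
    function check(c, at,    i, k, m, tok, val) {
        if (c ~ /^[ \t]*#/) return              # comment line
        m = split(c, tok, /[ \t]+/)
        for (i = 1; i < m; i++)
            for (k = 1; k <= n; k++)
                if (tok[i] == want[k]) {
                    val = tok[i + 1]
                    sub(/^"/, "", val)          # "$VAR" still expands
                    # $VAR or @file keeps the value out of the script;
                    # anything else is a literal (single quotes included).
                    if (val !~ /^[$@]/) { print at ":" want[k]; found = 1 }
                }
    }
    BEGIN { n = split(flags, want, " ") }
    {
        if (cmd == "") start = NR               # first line of a command
        line = $0
        cont = sub(/\\[ \t]*$/, "", line)       # trailing "\" continues it
        cmd = cmd " " line
        if (cont) next
        check(cmd, start); cmd = ""
    }
    END { if (cmd != "") check(cmd, start); exit found + 0 }
    ' "$1"
}

# Constructed sample: the first command inlines the secret, the second
# reads it from the environment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
azcmagent connect \
--service-principal-id "$SP_ID" \
--service-principal-secret constructed-literal-secret
azcmagent connect \
--service-principal-id "$SP_ID" \
--service-principal-secret "$SP_SECRET"
EOF
find_inline_secrets "$sample" || echo "inline secret(s) found"
rm -f "$sample"
```

The check only covers the space-separated `--flag value` form; `--flag=value` is not parsed.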
Unified Operations
┌─────────────────────────────────────────────────┐
│                  Azure Portal                   │
│             (Single pane of glass)              │
├─────────────────────────────────────────────────┤
│                                                 │
│   ┌─────────┐    ┌─────────┐    ┌─────────┐     │
│   │  Azure  │    │ On-Prem │    │   AWS   │     │
│   │   VMs   │    │ Servers │    │   EC2   │     │
│   └─────────┘    └─────────┘    └─────────┘     │
│                                                 │
│   ┌─────────┐    ┌─────────┐    ┌─────────┐     │
│   │   AKS   │    │ VMware  │    │   EKS   │     │
│   │         │    │   K8s   │    │         │     │
│   └─────────┘    └─────────┘    └─────────┘     │
└─────────────────────────────────────────────────┘
Azure Arc: your hybrid cloud, unified.