Azure ARC: Server Management in Hybrid Environments
According to several studies of cloud adoption initiatives, governance of cloud services is one of the elements that companies and organizations are implementing most.
Many of these organizations run hybrid environments: machines in several cloud providers, or machines and services in their own local infrastructure. Given that variety of environments, which governance tools do we use? Microsoft announced Azure ARC at the end of 2019 as a way to bring the governance and management tooling of Azure to hybrid environments.
The main features that Azure ARC provides are:
- Inventory and organization of the resources of a hybrid environment using Azure constructs such as resource groups, subscriptions, management groups and tags.
- Governance through Azure services such as Azure Policy, Security Center and role-based access control (RBAC), plus Azure Resource Graph integration.
- Azure deployment and operational tools such as Azure Monitor, Update Management and GitHub integration.
- A unified management experience and access to all resources through the Azure portal, REST API, SDKs, Azure CLI or PowerShell.
Of the three resource types that can currently be managed with Azure ARC (servers, Kubernetes clusters and data services), this post covers server administration. It lets us manage physical or virtual servers regardless of whether they are on-premises or in another public cloud. Azure ARC extends the capabilities of Azure Resource Manager to local or multi-cloud servers, so that tagging, Policy, RBAC and extensions are available for them.
Azure ARC requires the installation of a local agent, the Azure Connected Machine agent (azcmagent), on each machine that is to be connected to Azure. Once the agent is deployed and registered, the server becomes a hybrid machine resource and is treated as an Azure resource, which allows, for example, Azure Policy to be applied to it.
We are going to do a small deployment of Azure ARC on a local VM. For this, we enable Azure ARC in our subscription and then go to the option to manage servers.
We will add the machines with a script provided by the Azure ARC wizard itself. For installations at scale, the procedure can be consulted here.
We generate the script.
The subscription must first have the resource providers used by Arc servers registered (Microsoft.HybridCompute, and Microsoft.GuestConfiguration for policy); the wizard offers to do this. With this interactive method, the generated script prints a code when it runs, and the machine is registered by entering that code at a URL.
We review the contents of the generated script, check that the values are correct, and download it. It is worth reading before running it: the script downloads an installer and executes it with elevated rights.
Now we go to a machine, in this case a local physical machine, and run the script from an elevated prompt.
It asks us to browse to https://microsoft.com/devicelogin and enter the generated code. With that, the machine is registered in Azure ARC.
Once the script has finished, we go back to the portal, where the machine we have just registered now appears.
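As an added example (not the script the portal generated for this post, although it follows the same structure), the following PowerShell performs the same onboarding from an elevated prompt on the Windows server and adds the checks a practitioner would want: a signature check on the downloaded installer, exit-code handling, and verification from both the agent and the control plane. The subscription and tenant IDs, resource group, region and tag values are placeholders, and the final verification assumes the Az.ConnectedMachine module is installed and Connect-AzAccount has been run.

```powershell
# Added example: onboarding a Windows server to Azure Arc with the Connected Machine agent.
# Mirrors the portal-generated script; GUIDs, resource group, region and tags are placeholders.
$ErrorActionPreference = 'Stop'
$ProgressPreference    = 'SilentlyContinue'

$SubscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder
$TenantId       = '00000000-0000-0000-0000-000000000000'   # placeholder
$ResourceGroup  = 'rg-arc-servers'                          # placeholder
$Location       = 'westeurope'                              # placeholder

# 1. Download the agent package over HTTPS into the temp folder.
$msi = Join-Path $env:TEMP 'AzureConnectedMachineAgent.msi'
Invoke-WebRequest -Uri 'https://aka.ms/AzureConnectedMachineAgent' -OutFile $msi

# 2. Supply-chain check before executing anything: the MSI must carry a valid
#    Authenticode signature from Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $msi
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft Corporation') {
    throw "Refusing to install: signature status '$($sig.Status)', signer '$($sig.SignerCertificate.Subject)'"
}

# 3. Silent install; keep the verbose log for troubleshooting.
$p = Start-Process msiexec.exe -Wait -PassThru `
        -ArgumentList "/i `"$msi`" /l*v `"$env:TEMP\azcmagent-install.log`" /qn"
if ($p.ExitCode -ne 0) { throw "msiexec failed with exit code $($p.ExitCode)" }

# 4. Register the machine. This is the interactive device-code flow used in the post,
#    so the signed-in user needs onboarding rights on the resource group.
$azcmagent = "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe"
& $azcmagent connect `
    --resource-group  $ResourceGroup `
    --tenant-id       $TenantId `
    --location        $Location `
    --subscription-id $SubscriptionId `
    --tags            'Datacenter=OnPrem,Owner=infra'
if ($LASTEXITCODE -ne 0) { throw "azcmagent connect failed with exit code $LASTEXITCODE" }

#    For unattended onboarding at scale, use a service principal that holds only the
#    built-in 'Azure Connected Machine Onboarding' role on the resource group, and read
#    its secret from a vault at run time instead of embedding it in the script:
#    & $azcmagent connect --resource-group $ResourceGroup --tenant-id $TenantId `
#        --location $Location --subscription-id $SubscriptionId `
#        --service-principal-id $env:ARC_SP_ID --service-principal-secret $env:ARC_SP_SECRET

# 5. Verify locally and from the control plane.
& $azcmagent show
Get-AzConnectedMachine -ResourceGroupName $ResourceGroup -Name $env:COMPUTERNAME |
    Select-Object Name, Status, AgentVersion, OSName, Location
```

One consequence of registration worth keeping in mind: the Arc resource gets a system-assigned managed identity, and the agent exposes it to processes on the server through a local metadata endpoint that local administrators can use to obtain tokens. Any Azure RBAC granted to that identity is therefore effectively granted to anyone with admin rights on the on-premises box, so keep its role assignments minimal.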
Once we have the machine, let's see what we can do with it. The first thing the Overview shows is the machine's own data, in the same way as for an Azure VM.
The interesting part, though, is what we can do with this machine. For example, we can add extensions such as a monitoring agent. Today there are six extensions available:
- Custom Script Extension for Linux – Azure Arc.
- DSCForLinux extension for Ubuntu.
- OMS Agent for Linux – Azure Arc.
- Custom Script Extension for Windows – Azure Arc.
- PowerShell Desired State Configuration – Azure Arc.
- Microsoft Monitoring Agent – Azure Arc.
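As an added example (not part of the original post), this is how two of those extensions are deployed from PowerShell with the Az.ConnectedMachine module instead of the portal, together with the check that matters from a security standpoint: who is allowed to push extensions to the server. The machine, workspace, Key Vault and script URL values are placeholders.

```powershell
# Added example: deploying extensions to an Arc-enabled server with Az.ConnectedMachine.
# Machine, workspace, vault and URL values are placeholders (assumptions).
$ErrorActionPreference = 'Stop'
$ResourceGroup = 'rg-arc-servers'
$MachineName   = 'srv-onprem-01'
$Location      = 'westeurope'

# Log Analytics workspace the Microsoft Monitoring Agent should report to. The key is a
# secret: pass it through ProtectedSetting (encrypted for the agent, never returned by the
# API) and fetch it from a vault rather than hard-coding it.
$WorkspaceId  = '11111111-1111-1111-1111-111111111111'                                 # placeholder
$WorkspaceKey = Get-AzKeyVaultSecret -VaultName 'kv-arc-demo' -Name 'law-key' -AsPlainText  # placeholder vault

New-AzConnectedMachineExtension `
    -ResourceGroupName $ResourceGroup -MachineName $MachineName -Location $Location `
    -Name 'MicrosoftMonitoringAgent' `
    -Publisher 'Microsoft.EnterpriseCloud.Monitoring' `
    -ExtensionType 'MicrosoftMonitoringAgent' `
    -Settings @{ workspaceId = $WorkspaceId } `
    -ProtectedSetting @{ workspaceKey = $WorkspaceKey }

# Custom Script Extension: the agent downloads and runs whatever this points at as
# LocalSystem. Anyone who can write Microsoft.HybridCompute/machines/extensions on the
# resource (a Contributor, for instance) therefore has remote SYSTEM-level code execution
# on the on-premises server.
New-AzConnectedMachineExtension `
    -ResourceGroupName $ResourceGroup -MachineName $MachineName -Location $Location `
    -Name 'CustomScriptExtension' `
    -Publisher 'Microsoft.Compute' `
    -ExtensionType 'CustomScriptExtension' `
    -Settings @{
        fileUris         = @('https://stdemo.blob.core.windows.net/scripts/harden.ps1')  # placeholder
        commandToExecute = 'powershell -ExecutionPolicy Bypass -File harden.ps1'
    }

# Review what is installed on the machine, and who can install more.
Get-AzConnectedMachineExtension -ResourceGroupName $ResourceGroup -MachineName $MachineName |
    Select-Object Name, Publisher, ProvisioningState

$rgScope = "/subscriptions/$((Get-AzContext).Subscription.Id)/resourceGroups/$ResourceGroup"
Get-AzRoleAssignment -Scope $rgScope |
    Where-Object { $_.RoleDefinitionName -in 'Owner', 'Contributor', 'Azure Connected Machine Resource Administrator' } |
    Select-Object DisplayName, ObjectType, RoleDefinitionName, Scope
```

Because an extension write is equivalent to privileged execution on the server, treat the Arc resource group as a tier-0 asset and keep Contributor-level access on it as tight as on the servers themselves. Later agent releases (not the preview described in this post) also let the server side restrict which extensions it will accept with azcmagent config set extensions.allowlist and extensions.blocklist.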
We can add locks or apply policies to it as if it were a machine in Azure, and in this way unify the control of machine requirements between Azure and on-premises.
Another common element of our Azure servers is monitoring and log management. With the extensions deployed on the machine we can use Azure Monitor Logs or Azure Monitor for VMs (VM insights) to monitor our VM or its applications.
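As an added example (not from the original post) of the governance controls just described, the following PowerShell applies a delete lock, a built-in policy assignment and least-privilege role assignments to the Arc resource, exactly as one would for a native VM. Resource names and principal object IDs are placeholders; the policy display name is the built-in definition as known at the time of writing and is looked up rather than hard-coded by ID.

```powershell
# Added example: lock, policy and RBAC on an Arc-enabled server. Names and IDs are placeholders.
$ErrorActionPreference = 'Stop'
$ResourceGroup = 'rg-arc-servers'
$MachineName   = 'srv-onprem-01'
$rgScope = "/subscriptions/$((Get-AzContext).Subscription.Id)/resourceGroups/$ResourceGroup"

# 1. Delete lock. Removing the Arc resource (by accident or on purpose) silently detaches the
#    server from every policy, extension and monitoring control applied through it.
New-AzResourceLock -LockName 'no-delete' -LockLevel CanNotDelete `
    -ResourceGroupName $ResourceGroup -ResourceName $MachineName `
    -ResourceType 'Microsoft.HybridCompute/machines' -Force | Out-Null

# 2. Policy: built-in definition that audits Arc-enabled Windows servers missing the
#    Log Analytics agent, assigned at resource-group scope so new Arc machines inherit it.
$displayName = 'Log Analytics agent should be installed on your Windows Azure Arc machines'
$def = Get-AzPolicyDefinition -Builtin | Where-Object {
    # Older Az.Resources versions expose DisplayName under .Properties, newer ones at top level.
    $_.Properties.DisplayName -eq $displayName -or $_.DisplayName -eq $displayName
}
if (-not $def) { throw "Built-in policy '$displayName' not found; list candidates with Get-AzPolicyDefinition -Builtin" }
New-AzPolicyAssignment -Name 'arc-require-law-agent' -Scope $rgScope -PolicyDefinition $def | Out-Null

# Compliance state, once the evaluation cycle has run.
Get-AzPolicyState -ResourceGroupName $ResourceGroup `
    -Filter "PolicyAssignmentName eq 'arc-require-law-agent'" |
    Select-Object ResourceId, ComplianceState

# 3. RBAC with the Arc-specific built-in roles instead of Contributor:
#    - 'Azure Connected Machine Onboarding' for the identity that registers servers
#      (it can create Arc resources but cannot push extensions to them);
#    - 'Azure Connected Machine Resource Administrator' for the operators who manage them.
$onboardingSpObjectId = '22222222-2222-2222-2222-222222222222'   # placeholder: onboarding service principal
$serverOpsGroupId     = '33333333-3333-3333-3333-333333333333'   # placeholder: Azure AD group of server operators

New-AzRoleAssignment -ObjectId $onboardingSpObjectId `
    -RoleDefinitionName 'Azure Connected Machine Onboarding' -Scope $rgScope | Out-Null
New-AzRoleAssignment -ObjectId $serverOpsGroupId `
    -RoleDefinitionName 'Azure Connected Machine Resource Administrator' -Scope $rgScope | Out-Null
```

The split between the onboarding role and the resource administrator role is the point of the RBAC step: the credential baked into an onboarding pipeline is the one most likely to leak, and with only the onboarding role it cannot be turned into code execution on the servers it registered.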
Finally, three additional elements: Update Management, Inventory and Change Tracking on the machines. Although the Azure portal does not yet allow this for Arc machines (it is not available in the preview), if we create an Automation account, link it to our Log Analytics workspace and enable Change Tracking and Inventory for the server from there, we get change tracking and inventory, as shown below.
In the same way, we enable Update Management.
After some time we obtain an inventory of applications and change tracking for our machine.
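As an added example (not from the original post), the same wiring can be done from PowerShell: create the Automation account, link it to the workspace the Arc machines report to, enable the Change Tracking and Updates solutions, and then query the data once it arrives. Resource names are placeholders, and the Az.OperationalInsights, Az.Automation and Az.MonitoringSolutions modules are assumed to be installed.

```powershell
# Added example: Automation account + Log Analytics link + Change Tracking/Update Management,
# then queries over the collected data. Resource names are placeholders (assumptions).
$ErrorActionPreference = 'Stop'
$ResourceGroup  = 'rg-arc-servers'
$Location       = 'westeurope'
$WorkspaceName  = 'law-arc-demo'
$AutomationName = 'aa-arc-demo'
$SubscriptionId = (Get-AzContext).Subscription.Id

$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup -Name $WorkspaceName

# 1. Automation account, linked to the workspace through the 'Automation' linked service.
New-AzAutomationAccount -ResourceGroupName $ResourceGroup -Name $AutomationName -Location $Location | Out-Null
$aaId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Automation/automationAccounts/$AutomationName"
Set-AzOperationalInsightsLinkedService -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName `
    -LinkedServiceName 'Automation' -WriteAccessResourceId $aaId | Out-Null

# 2. Enable the solutions on the workspace. Machines reporting through the Monitoring Agent
#    extension become eligible targets; which ones are in scope is still chosen in the portal.
foreach ($type in 'ChangeTracking', 'Updates') {
    New-AzMonitorLogAnalyticsSolution -Type $type -ResourceGroupName $ResourceGroup `
        -Location $ws.Location -WorkspaceResourceId $ws.ResourceId | Out-Null
}

# 3. Once the machines report, query the results. A software or service change nobody
#    scheduled on an on-premises server is a detection signal, not just an inventory row.
$kql = @'
ConfigurationChange
| where TimeGenerated > ago(1d)
| summarize Changes = count() by Computer, ConfigChangeType
| order by Changes desc
'@
(Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId -Query $kql).Results | Format-Table

# Missing security updates per machine, as reported by Update Management.
$kql = @'
Update
| where TimeGenerated > ago(1d) and UpdateState == 'Needed' and Classification == 'Security Updates'
| summarize arg_max(TimeGenerated, *) by Computer, Title
| project Computer, Title, KBID
'@
(Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId -Query $kql).Results | Format-Table
```

Data takes a while to appear after enabling the solutions, which matches the "after some time" above; the queries are also the natural basis for alert rules, for example on unexpected entries in ConfigurationChange outside a maintenance window.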