Azure Arc

Azure Arc allows managing servers, Kubernetes clusters, and SQL databases across environments as if they are Azure resources. It projects these resources into Azure Resource Manager for consistent inventory, security, and governance using familiar Azure services and tools regardless of location.

Uploaded by

Qw3rty
Copyright
© All Rights Reserved

Contents

Azure Arc Documentation


Overview
About Azure Arc
Arc enabled servers
Arc enabled Kubernetes
Arc enabled data services (preview)
Arc enabled SQL Server (preview)

Azure Arc overview
9/22/2020

Today, companies are struggling to control and govern an environment that becomes more and more complex.
These environments extend across data centers, multiple clouds, and edge. Each environment and cloud has its
own set of disjointed management tools that you need to learn and operate.
In parallel, new DevOps and ITOps operational models are hard to implement, as existing tools fail to provide
support for new cloud native patterns.
Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises
management platform. Azure Arc enables you to manage your entire environment, with a single pane of glass, by
projecting your existing resources into Azure Resource Manager. You can now manage virtual machines,
Kubernetes clusters, and databases as if they are running in Azure. Regardless of where they live, you can use
familiar Azure services and management capabilities. Azure Arc enables you to continue using traditional ITOps,
while introducing DevOps practices to support new cloud native patterns in your environment.

Today, Azure Arc allows you to manage the following resource types hosted outside of Azure:
- Servers - both physical and virtual machines running Windows or Linux.
- Kubernetes clusters - supporting multiple Kubernetes distributions.
- Azure data services - Azure SQL Database and PostgreSQL Hyperscale services.

What does Azure Arc deliver?


Key features of Azure Arc include:
- Implement consistent inventory, management, governance, and security for your servers across your environment.
- Configure Azure VM extensions to use Azure management services to monitor, secure, and update your servers.
- Manage and govern Kubernetes clusters at scale.
- Use GitOps-based configuration as code management to deploy applications and configuration across one or more clusters directly from source control, such as GitHub.
- Zero touch compliance and configuration for your Kubernetes clusters using Azure Policy.
- Run Azure data services on any Kubernetes environment, specifically Azure SQL Managed Instance and Azure Database for PostgreSQL Hyperscale, with benefits such as upgrades/updates, security, and monitoring as if it runs in Azure. Leverage elastic scale, apply updates, without any application downtime, even if it doesn't have a continuous connection to Azure.
- A unified experience viewing your Azure Arc enabled resources whether you are using the Azure portal, the Azure CLI, Azure PowerShell, or Azure REST API.

How much does Azure Arc cost?


The following are pricing details for the features available today with Azure Arc.
Arc enabled servers
In the current preview phase, Azure Arc enabled servers is offered at no additional cost.
Any Azure service that is used on Arc enabled servers, for example Azure Security Center or Azure Monitor, will be
charged as per the pricing for that service. For more information, see the Azure pricing page.
Azure Arc enabled Kubernetes
In the current preview phase, Azure Arc enabled Kubernetes is offered at no additional cost.
Azure Arc enabled data services
In the current preview phase, Azure Arc enabled data services are offered at no additional cost.

Next steps
To learn more about Arc enabled servers, see the following overview
To learn more about Arc enabled Kubernetes, see the following overview
To learn more about Arc enabled data services, see the following overview
What is Azure Arc enabled servers?
9/22/2020

Azure Arc enabled servers allows you to manage your Windows and Linux machines hosted outside of Azure, on
your corporate network or other cloud provider, similar to how you manage native Azure virtual machines. When a
hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each
connected machine has a Resource ID, is managed as part of a resource group inside a subscription, and benefits
from standard Azure constructs such as Azure Policy and applying tags. Service providers who manage a
customer's on-premises infrastructure can manage their hybrid machines, just like they do today with native Azure
resources, across multiple customer environments, using Azure Lighthouse with Azure Arc.
To deliver this experience with your hybrid machines hosted outside of Azure, the Azure Connected Machine agent
needs to be installed on each machine that you plan on connecting to Azure. This agent does not deliver any other
functionality, and it doesn't replace the Azure Log Analytics agent. The Log Analytics agent for Windows and Linux
is required when you want to proactively monitor the OS and workloads running on the machine, manage it using
Automation runbooks or solutions like Update Management, or use other Azure services like Azure Security
Center.

Supported scenarios
When you connect your machine to Azure Arc enabled servers, you can perform the following
configuration management and monitoring tasks:
- Assign Azure Policy guest configurations using the same experience as policy assignment for Azure virtual machines.
- Report on configuration changes about installed software, Microsoft services, Windows registry and files, and Linux daemons on monitored servers using Azure Automation Change Tracking and Inventory.
- Monitor your connected machine guest operating system performance, and discover application components to monitor their processes and dependencies with other resources the application communicates with, using Azure Monitor for VMs.
- Simplify deployment with other Azure services like Azure Automation State Configuration and Azure Monitor Log Analytics workspace using the supported Azure VM extensions for your non-Azure Windows or Linux machine. This includes performing post-deployment configuration or software installation using the Custom Script Extension.
- Use Update Management in Azure Automation to manage operating system updates for your Windows and Linux servers. First deploy the Hybrid Runbook worker role and then follow the steps to enable Update Management on your non-Azure Windows or Linux machine.
- Include your non-Azure servers for threat detection and proactively monitor for potential security threats using Azure Security Center.
Log data collected and stored in a Log Analytics workspace from the hybrid machine now contains properties
specific to the machine, such as a Resource ID. This can be used to support resource-context log access.

NOTE
This service supports Azure Lighthouse, which lets service providers sign in to their own tenant to manage subscriptions and
resource groups that customers have delegated.
Supported regions
For a definitive list of supported regions with Azure Arc enabled servers, see the Azure products by region page.
In most cases, the location you select when you create the installation script should be the Azure region
geographically closest to your machine's location. Data at rest will be stored within the Azure geography containing
the region you specify, which may also affect your choice of region if you have data residency requirements. If the
Azure region your machine is connected to is affected by an outage, the connected machine is not affected, but
management operations using Azure may be unable to complete. In the event of a regional outage, if you have
multiple locations that support a geographically redundant service, it is best to connect the machines in each
location to a different Azure region.
Agent status
The Connected Machine agent sends a regular heartbeat message to the service every 5 minutes. If the service
stops receiving these heartbeat messages from a machine, that machine is considered offline and the status will
automatically be changed to Disconnected in the portal within 15 to 30 minutes. Upon receiving a subsequent
heartbeat message from the Connected Machine agent, its status will automatically be changed to Connected.
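
The heartbeat timing described above, applied to a list of heartbeat timestamps so that windows where a machine was silent (and therefore not manageable from Azure) can be found. This is an added example, not Microsoft's code; the one-minute jitter allowance, the intermediate status labels, and the sample timestamps are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Timing values stated in the "Agent status" paragraph.
HEARTBEAT_INTERVAL = timedelta(minutes=5)
DISCONNECT_MIN = timedelta(minutes=15)
DISCONNECT_MAX = timedelta(minutes=30)
# Assumption for this example: allow one minute of delivery jitter.
JITTER = timedelta(minutes=1)

# Constructed sample data for a hypothetical machine (not real telemetry).
SAMPLE_HEARTBEATS = [
    datetime(2020, 9, 22, 10, 0),
    datetime(2020, 9, 22, 10, 5),
    datetime(2020, 9, 22, 10, 10),
    datetime(2020, 9, 22, 10, 50),  # 40 minutes of silence before this one
    datetime(2020, 9, 22, 10, 55),
]


def expected_status(last_heartbeat, now):
    """Map the time since the last heartbeat to the status the portal should show."""
    silence = now - last_heartbeat
    if silence <= HEARTBEAT_INTERVAL + JITTER:
        return "Connected"
    if silence < DISCONNECT_MIN:
        return "Connected (heartbeat overdue)"
    if silence <= DISCONNECT_MAX:
        return "Connected or Disconnected (transition window)"
    return "Disconnected"


def coverage_gaps(heartbeats):
    """Return (start, end, missed) for every stretch with at least one missed heartbeat."""
    ordered = sorted(heartbeats)
    gaps = []
    for prev, cur in zip(ordered, ordered[1:]):
        # Heartbeats expected strictly between prev and cur that never arrived.
        missed = int((cur - prev) / HEARTBEAT_INTERVAL) - 1
        if missed >= 1:
            gaps.append((prev, cur, missed))
    return gaps


if __name__ == "__main__":
    for start, end, missed in coverage_gaps(SAMPLE_HEARTBEATS):
        print(f"silent {start:%H:%M} to {end:%H:%M}, {missed} heartbeats missed")
    print(expected_status(SAMPLE_HEARTBEATS[-1], datetime(2020, 9, 22, 11, 30)))
```
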

Next steps
Before evaluating or enabling Arc enabled servers across multiple hybrid machines, review Connected Machine
agent overview to understand requirements, technical details about the agent, and deployment methods.
What is Azure Arc enabled Kubernetes Preview?
9/22/2020

You can attach and configure Kubernetes clusters inside or outside of Azure by using Azure Arc enabled Kubernetes
Preview. When a Kubernetes cluster is attached to Azure Arc, it will appear in the Azure portal. It will have an Azure
Resource Manager ID and a managed identity. Clusters are attached to standard Azure subscriptions, are located in
a resource group, and can receive tags just like any other Azure resource.
To connect a Kubernetes cluster to Azure, the cluster administrator needs to deploy agents. These agents run in a
Kubernetes namespace named azure-arc and are standard Kubernetes deployments. The agents are responsible
for connectivity to Azure, collecting Azure Arc logs and metrics, and watching for configuration requests.
Azure Arc enabled Kubernetes supports industry-standard SSL to secure data in transit. Also, data is stored
encrypted at rest in an Azure Cosmos DB database to ensure data confidentiality.

NOTE
Azure Arc enabled Kubernetes is in preview. We don't recommend it for production workloads.

Supported Kubernetes distributions


Azure Arc enabled Kubernetes works with any Cloud Native Computing Foundation (CNCF) certified Kubernetes
cluster such as AKS-engine on Azure, AKS-engine on Azure Stack Hub, GKE, EKS and VMware vSphere cluster.
Azure Arc enabled Kubernetes features have been tested by the Arc team on the following distributions:
- RedHat OpenShift 4.3
- Rancher RKE 1.0.8
- Canonical Charmed Kubernetes 1.18
- AKS Engine
- AKS Engine on Azure Stack Hub
- Cluster API Provider Azure

Supported scenarios
Azure Arc enabled Kubernetes supports these scenarios:
- Connect Kubernetes running outside of Azure for inventory, grouping, and tagging.
- Deploy applications and apply configuration by using GitOps-based configuration management.
- Use Azure Monitor for containers to view and monitor your clusters.
- Apply policies by using Azure Policy for Kubernetes.

NOTE
This service supports Azure Lighthouse, which lets service providers sign in to their own tenant to manage subscriptions and
resource groups that customers have delegated.
Supported regions
Azure Arc enabled Kubernetes is currently supported in these regions:
- East US
- West Europe

Next steps
Connect a cluster
What are Azure Arc enabled data services (preview)?
9/22/2020

Azure Arc makes it possible to run Azure data services on-premises, at the edge, and in public clouds using
Kubernetes and the infrastructure of your choice.
Currently, the following Azure Arc enabled data services are available in preview:
- SQL Managed Instance
- PostgreSQL Hyperscale

NOTE
As a preview feature, the technology presented in this article is subject to Supplemental Terms of Use for Microsoft Azure
Previews.

Always current
Azure Arc enabled data services such as Azure Arc enabled SQL managed instance and Azure Arc enabled
PostgreSQL Hyperscale receive updates on a frequent basis including servicing patches and new features similar to
the experience in Azure. Updates from the Microsoft Container Registry are provided to you and deployment
cadences are set by you in accordance with your policies. This way, on-premises databases can stay up to date while
ensuring you maintain control. Because Azure Arc enabled data services are a subscription service, you will no
longer face end-of-support situations for your databases.

Elastic scale
Cloud-like elasticity on-premises enables you to scale your databases up or down dynamically in much the same
way as they do in Azure, based on the available capacity of your infrastructure. This capability can satisfy burst
scenarios that have volatile needs, including scenarios that require ingesting and querying data in real time, at any
scale, with sub-second response time. In addition, you can also scale out database instances using the unique
hyperscale deployment option of Azure Database for PostgreSQL Hyperscale. This capability gives data workloads an
additional boost on capacity optimization, using unique scale-out reads and writes.

Self-service provisioning
Azure Arc also provides other cloud benefits such as fast deployment and automation at scale. Thanks to
Kubernetes-based orchestration, you can deploy a database in seconds using either GUI or CLI tools.

Unified management
Using familiar tools such as the Azure portal, Azure Data Studio, and the Azure Data CLI, you can now gain a unified
view of all your data assets deployed with Azure Arc. You are able to not only view and manage a variety of
relational databases across your environment and Azure, but also get logs and telemetry from Kubernetes APIs to
analyze the underlying infrastructure capacity and health. Besides having localized log analytics and performance
monitoring, you can now leverage Azure Monitor for comprehensive operational insights across your entire estate.

Disconnected scenario support


Many of the services such as self-service provisioning, automated backups/restore, and monitoring can run locally
in your infrastructure with or without a direct connection to Azure. Connecting directly to Azure opens up
additional options for integration with other Azure services such as Azure Monitor and the ability to use the Azure
portal and Azure Resource Manager APIs from anywhere in the world to manage your Azure Arc enabled data
services.

Next steps
Just want to try things out?
Get started quickly with Azure Arc Jumpstart on Azure Kubernetes Service (AKS), AWS Elastic Kubernetes
Service (EKS), Google Cloud Kubernetes Engine (GKE) or in an Azure VM.

Install the client tools


Create the Azure Arc data controller (requires installing the client tools first)
Create an Azure SQL managed instance on Azure Arc (requires creation of an Azure Arc data controller first)
Create an Azure Database for PostgreSQL Hyperscale server group on Azure Arc (requires creation of an Azure Arc
data controller first)
