Azure Arc is a hybrid cloud platform that allows you to manage your resources across multiple environments. It provides a consistent interface to manage and govern your resources, whether they're on-premises, in the cloud, or at the edge.
Azure Arc is built on top of Azure Kubernetes Service (AKS) and allows you to deploy and manage Kubernetes clusters on-premises or in other cloud environments. This enables you to use Azure services and tools to manage your resources, regardless of where they're located.
To get started with Azure Arc, you'll need to onboard your environment, which involves creating an Azure Arc-enabled server and registering it with Azure. This process typically takes around 15-30 minutes to complete.
Once onboarded, you can start using Azure Arc to manage your resources, including deploying and managing Kubernetes clusters, and using Azure services like Azure Monitor and Azure Policy.
What is Azure Arc
Azure Arc is a bridge that extends the Azure platform for building apps and services to run across various data centers, multicloud environments, and the edge. It allows you to develop cloud-native apps on different platforms, including Kubernetes, virtualization, IoT devices, and integrated systems.
With Azure Arc, you can leverage your existing investments and do more with less using cloud-native solutions. This means you can make the most of your current infrastructure and resources.
Azure Arc enables you to build and modernize cloud-native apps on any Kubernetes. This gives you the flexibility to deploy your apps anywhere, without worrying about compatibility issues.
Here are some key benefits of using Azure Arc:
- Build and modernize cloud-native apps on any Kubernetes.
- Integrate Azure monitoring, security, and compliance into your DevOps toolkit.
- Reduce errors and accelerate innovation with GitOps and policy-driven deployment and configuration across environments.
- Get up and running immediately with your existing tools and practices.
- Write to the same application service APIs that can run consistently on premises, across multiple clouds, and in edge environments using any Kubernetes.
- Optimize costs with Azure Hybrid Benefit to run Azure Kubernetes Service on Windows Server and Azure Stack HCI at no additional cost for Windows Server Software Assurance or CSP subscription customers.
Key Features and Benefits
Azure Arc offers a unified experience for viewing your Azure Arc-enabled resources, whether you're using the Azure portal, the Azure CLI, Azure PowerShell, or Azure REST API.
With Azure Arc, you can implement consistent inventory, management, governance, and security for servers across your environment. This means you can have a single, unified way of managing all your servers, no matter where they are located.
Azure Arc supports the deployment of data services like SQL and PostgreSQL as cloud-native services in your preferred environment for data insights. This allows you to get the benefits of cloud-native services without having to move your data to the cloud.
You can use Azure security and governance for applications, data, and infrastructure across diverse environments. This includes features like zero-touch compliance and configuration for Kubernetes clusters using Azure Policy.
Here are some of the key scenarios that Azure Arc supports:
- Implement consistent inventory, management, governance, and security for servers across your environment.
- Configure Azure VM extensions to use Azure management services to monitor, secure, and update your servers.
- Manage and govern Kubernetes clusters at scale.
- Use GitOps to deploy configurations across one or more clusters from Git repositories.
- Zero-touch compliance and configuration for Kubernetes clusters using Azure Policy.
- Run Azure data services on any Kubernetes environment as if it runs in Azure.
- Create custom locations on top of your Azure Arc-enabled Kubernetes clusters.
- Perform virtual machine lifecycle and management operations on Azure Local and on-premises environments.
- A unified experience viewing your Azure Arc-enabled resources.
Pricing and Plans
Azure Arc pricing is straightforward and based on the features you use.
Pricing information is available for the features offered today with Azure Arc, so you can find out how much each feature costs.
Azure Arc's pricing model is designed to be flexible and scalable, so you only pay for what you use.
Pricing varies depending on the feature and usage, so be sure to check the pricing information for the specific features you're interested in.
Enabled Servers and Environments
Azure Arc-enabled servers offer a range of functionality at no extra cost, including resource organization, searching and indexing, access and security, and environments and automation.
You can use Azure services like Microsoft Defender for Cloud or Azure Monitor on Azure Arc-enabled servers, but you'll be charged according to their pricing. For more information, check the Azure pricing page.
Azure Arc-enabled servers can be managed with a consistent experience and familiar tools, making it easier to unify your environments. This includes scaling and automating hybrid cloud and multicloud management, and bringing multilayered protection to any infrastructure.
Enabled Servers
Azure Arc-enabled servers offer a range of control plane functionality at no extra cost.
Resource organization through Azure management groups and tags is one of the key features, allowing you to easily manage and categorize your resources.
Searching and indexing through Azure Resource Graph is also included, making it simple to find and analyze your resources.
Access and security are taken care of through Azure Role-based access control (RBAC).
Environments and automation can be managed through templates and extensions.
Here's a breakdown of the no-cost control plane functionality offered by Azure Arc-enabled servers:
- Resource organization through Azure management groups and tags
- Searching and indexing through Azure Resource Graph
- Access and security through Azure Role-based access control (RBAC)
- Environments and automation through templates and extensions
VMware vSphere and System Center VMM
Azure Arc-enabled VMware vSphere and System Center Virtual Machine Manager offer a range of capabilities at no extra cost. These include all the Azure Arc control plane functionalities that are offered at no extra cost with Azure Arc-enabled servers.
You get discovery and a single-pane-of-glass inventory view of your VMware vCenter and SCVMM managed estate, including VMs, templates, networks, datastores, and clouds/clusters/hosts/resource pools.
Lifecycle operations such as create, resize, update, and delete of VMs are supported, along with power cycle operations like start, stop, and restart. You can also delegate self-service access for these operations using Azure role-based access control (RBAC).
Azure Arc-enabled VMware vSphere and SCVMM VMs can be managed through the Azure portal, CLI, REST APIs, SDKs, and automation through Infrastructure as Code (IaC) templates such as ARM, Terraform, and Bicep.
Note that any Azure service used on Azure Arc-enabled VMware vSphere and SCVMM VMs will be charged as per the pricing for that service.
Getting Started
To begin with Azure Arc, you should choose the right Azure Arc service for your physical and virtual machines.
You'll want to learn about Azure Arc-enabled servers, which can help you manage and monitor your servers in a more centralized way.
Next, you should explore Azure Arc-enabled Kubernetes, which allows you to deploy and manage containerized applications across multiple environments.
Additionally, you may want to learn about Azure Arc-enabled data services, which can help you manage and monitor your data across different locations.
Here are the next steps to get started with Azure Arc:
- Choose the right Azure Arc service for your physical and virtual machines.
- Learn about Azure Arc-enabled servers.
- Learn about Azure Arc-enabled Kubernetes.
- Learn about Azure Arc-enabled data services.
- Learn about SQL Server enabled by Azure Arc.
- Learn about Azure Arc-enabled VM Management on Azure Local.
- Learn about Azure Arc-enabled VMware vSphere.
- Learn about Azure Arc-enabled System Center Virtual Machine Manager.
To gain more hands-on experience, you can explore the Azure Arc Jumpstart, which provides a guided experience to help you get started with Azure Arc.
Finally, don't forget to learn about best practices and design patterns through the Azure Arc Landing Zone Accelerators, which can help you optimize your Azure Arc setup.
Troubleshooting
Troubleshooting can be a challenge, especially when dealing with Azure Arc. If you're experiencing issues with the agent installation, start by verifying that the GPO is applying and the scheduled task shows up. The installer saves logs to C:\Windows\Temp, and the script will also output to the AzureArcLogging folder on the share.
Check the sign-in events for the Service Principal in Azure AD to see if you notice any failures. If the secret has expired, you may need to generate a new one. This can be done by running PowerShell as Admin and modifying the AzureArcDeployment.psm1 script with the client secret.
To avoid running DeployGPO.ps1 again just to create the encrypted secret blob, you can generate a new file by modifying the script and running it. Replace the encryptedServicePrincipalSecret in the share, and try running the task again.
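The secret-expiry check mentioned above can be scripted before touching the GPO share. The following is an added example, not part of the original page or of the onboarding scripts: it reads the JSON printed by `az ad app credential list --id <application-id>` and flags expired or soon-to-expire client secrets. The function name, the 30-day warning window, and the sample data are assumptions.

```powershell
# Added example: classify a service principal's client secrets by expiry.
# Input: JSON printed by `az ad app credential list --id <application-id>`.
# The listing carries metadata only; secret values are not returned by it.
function Get-SecretExpiryStatus {
    param(
        [Parameter(Mandatory)] [string] $CredentialJson,
        [datetime] $Now = [datetime]::UtcNow,
        [int] $WarnDays = 30   # assumed warning window
    )
    $styles = [System.Globalization.DateTimeStyles]::AdjustToUniversal
    $creds  = ConvertFrom-Json -InputObject $CredentialJson
    foreach ($cred in $creds) {
        # PowerShell 7 parses ISO dates to [datetime]; Windows PowerShell 5.1 keeps strings.
        if ($cred.endDateTime -is [datetime]) {
            $end = $cred.endDateTime.ToUniversalTime()
        } else {
            $end = [datetime]::Parse($cred.endDateTime,
                [cultureinfo]::InvariantCulture, $styles)
        }
        $daysLeft = [int][math]::Floor(($end - $Now).TotalDays)
        if ($daysLeft -lt 0) { $status = 'Expired' }
        elseif ($daysLeft -le $WarnDays) { $status = 'ExpiringSoon' }
        else { $status = 'Valid' }
        [pscustomobject]@{
            DisplayName = $cred.displayName
            KeyId       = $cred.keyId
            EndUtc      = $end
            DaysLeft    = $daysLeft
            Status      = $status
        }
    }
}

# Constructed sample shaped like the CLI output; names and IDs are placeholders.
$sample = @'
[
  {"displayName": "arc-onboarding-old", "endDateTime": "2024-01-15T00:00:00Z",
   "keyId": "00000000-0000-0000-0000-000000000001"},
  {"displayName": "arc-onboarding-new", "endDateTime": "2025-06-30T00:00:00Z",
   "keyId": "00000000-0000-0000-0000-000000000002"}
]
'@
# Fixed clock so the classification is reproducible.
Get-SecretExpiryStatus -CredentialJson $sample -Now ([datetime]'2024-03-01') |
    Format-Table DisplayName, EndUtc, DaysLeft, Status
```

Running this on a schedule against the onboarding service principal surfaces an approaching expiry before scheduled tasks on the servers start failing.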
Frequently Asked Questions
What is the difference between Azure Arc and Azure Stack?
Azure Arc projects on-premises resources back into Azure, whereas Azure Stack brings Azure services to the edge or hybrid servers. Essentially, Azure Arc bridges Azure with existing infrastructures, while Azure Stack extends Azure to new environments.
Why is Azure Arc on my server?
Azure Arc is on your server because it's a hybrid machine, meaning it's a Windows or Linux machine hosted outside of Azure, on your corporate network or another cloud provider. This allows you to manage it from Azure, giving you a unified view of your entire IT environment.
Is Azure Arc worth it?
Yes, Azure Arc is worth it, as it simplifies resource management and security across multiple infrastructures. It's a game-changer for hybrid cloud and edge computing environments.
What is the difference between Azure and Azure Arc?
Azure is a comprehensive cloud platform, while Azure Arc is a service that extends Azure to run applications across multiple environments, including datacenters, edges, and multicloud setups. Think of Azure as the core platform, and Azure Arc as the bridge that connects it to more locations.