Tuesday, April 19, 2022

Getting to know Azure Arc

**I do want to state, of course, that I’m an employee of Microsoft, but I am not affiliated with any of the books or courses I link to as part of my learning experience. I don’t have affiliate links; I’m just sharing what I found useful starting out.**


Majority of Users Have a Mixed Environment


What piqued my interest in Azure Arc personally is the ability to manage complex environments. As a former sysadmin/engineer we had a goal to virtualize all workloads. We reached about 80% on Linux and 70% on Windows. The team had to manage physical server workloads, VMware virtual machine workloads and then we were starting to look at cloud. We did at the time use Azure for a new application deployment. During this time, I feel like the rhetoric around cloud was that organizations will pick one cloud to use. The training and skilling needed to do multi-cloud seemed out of reach, and an individual well versed in two cloud technologies was very hard to find at the time.


Now we are seeing more and more hybrid environments.  People are choosing multiple cloud services.  Having choice is great and perhaps a specific app or service just runs better on X cloud but the majority of your other Cloud workloads are in Y.  Now as a sysadmin/cloud admin you must manage all of these.  In comes Azure Arc…


Getting started with Learning Azure Arc


There is so much information out there (blogs, Learn modules), and getting started with the basics was easy. Anything I suggest as far as learning is just what I chose to use. I like video content, so it was a no-brainer when I found Steve Buchanan’s Pluralsight course, Azure Arc Enabled Servers: Getting Started. It is slightly outdated, but what book or video isn’t the minute it’s published? (Azure Defender is now Microsoft Defender for Cloud, for example.) The core learnings are there, though, and if you have access to Pluralsight I highly recommend it. It’s fast paced and about an hour and a half, but very easy to digest. One point driven home is that conventional IT operations tools like PowerShell, Bash and Wireshark will never be replaced, but you can add Azure Arc to your toolkit and enhance it with Role Based Access Control (RBAC), Change Tracking, Inventory, Tagging and more.



Ironically, my partner also handed me this book written by, lo and behold, Steve Buchanan and Microsoft MVP John Joyner. Coincidence!? If you prefer to read: honestly, I don’t like nonfiction, but I found this book really helpful to get started and I’m still going through it.




Microsoft Learn Can Get You Started


There is also a great learning path on Microsoft Learn: Manage hybrid infrastructure with Azure Arc - Learn | Microsoft Docs


The module I started with was Introduction to Azure Arc - Learn | Microsoft Docs

And you can enhance it with the Learn Live video I was able to record with Thomas Maurer.  


Yes, this kickstarted me into learning all things Azure Arc.  I had to prepare to talk live about this service.


Being able to co-host with Thomas and getting the fundamentals set for the rest of the series was so much fun. This is the only shameless plug, I promise. It’s slower paced in case you are unfamiliar with Microsoft Learn itself and lays the foundation of what you will learn later. Security did come up quite a bit in the questions and that will be covered later on. One thing to note is that the Azure Arc connected machine agent itself only sends metadata to Azure over port 443. The actual data within your on-premises server is not being sent.


The full series can be found here: Learn Live Azure Hybrid Cloud Study Hall running through June with 14 episodes


Real World Scenarios


I made another great connection through learning: the co-author of the book I mentioned earlier, John Joyner, is part of the Learn Live Hybrid Cloud series going on. I talked with him about real world examples using Azure Arc. To be honest, it is one thing to learn a service or technology and another to use it in the wild.


One scenario was for a customer using Log Analytics only to add the Update Management solution.




$42.09 was the total monthly cost for this customer with 205 servers to make sure all servers were patched and up to date.


He also stated “We also have a customer with 800 servers using the Update Management solution but in that customer the costs are absorbed in their single-Sentinel-connected workspace.


"So that I have seen 1000+ VMs on prem working the solution is accurate, and so is validation of a $0.21 per server per month cost when using only the free Azure Automation solution"


If you have any more real world scenarios to share or issues, I would love to hear about them. You can message me here, on LinkedIn or Twitter.


Updates as of Today

Azure Policy supports detection and remediation on Azure Arc enabled servers; some were in preview. Thomas has a great blog post on the topic.


Managing vSphere environments is in preview: you can deploy VMs and handle lifecycle management (resize, start/stop and delete). End users can also use Azure RBAC to allow teams to self-serve or remediate VM operations. All of your vSphere resources will show up in the Azure Portal, and installing the Azure Arc agent will allow governance and monitoring operations in Azure.


Other Great Reading Material


How To add a Server using Azure Arc by Thomas Maurer

Onboarding servers using Microsoft Endpoint Configuration Manager by Seif Bassem


Thanks for taking the time to read and I hope this helped kickstart your Azure Arc journey.

Posted at https://sl.advdat.com/3xCwMP3