1
00:00:01,140 --> 00:00:04,340
[Autogenerated] Azure Arc enabled servers.

2
00:00:04,340 --> 00:00:09,230
Azure Arc is a pretty big deal and I found it's misunderstood by many people.

3
00:00:09,230 --> 00:00:11,640
So let's straighten it out right now.

4
00:00:11,640 --> 00:00:17,260
Azure Arc is actually a multifaceted service that goes beyond just servers.

5
00:00:17,260 --> 00:00:21,550
You can also use it with databases and Kubernetes clusters,

6
00:00:21,550 --> 00:00:27,120
but we're concerned for AZ-800 only with Azure Arc enabled servers, and what

7
00:00:27,120 --> 00:00:31,840
this does is it extends Azure Resource Manager governance,

8
00:00:31,840 --> 00:00:36,020
to off-Azure systems, and by off-Azure I mean Windows Server

9
00:00:36,020 --> 00:00:40,410
machines that may be in other clouds like Google Cloud or Amazon Web

10
00:00:40,410 --> 00:00:43,830
Services, or maybe in your local data centers.

11
00:00:43,830 --> 00:00:47,240
These can be physical or virtual Windows Server machines.

12
00:00:47,240 --> 00:00:50,870
Now, of course, Linux is also in scope in the real world,

13
00:00:50,870 --> 00:00:53,990
but we're not dealing with the Linux side of the equation for

14
00:00:53,990 --> 00:00:58,840
AZ-800. In order to onboard an off-cloud Windows server to

15
00:00:58,840 --> 00:01:01,260
become an Azure Arc enabled server,

16
00:01:01,260 --> 00:01:05,840
you need to install what's called the Connected Machine agent. Now note that

17
00:01:05,840 --> 00:01:08,980
this agent is separate from the Log Analytics agents.

18
00:01:08,980 --> 00:01:12,550
So if you really want your off-cloud Windows servers to be

19
00:01:12,550 --> 00:01:14,640
as integrated with Azure as possible,

20
00:01:14,640 --> 00:01:17,380
you'll want to make sure to install both the Connected

21
00:01:17,380 --> 00:01:20,790
Machine agent to bring the machine into Arc governance as

22
00:01:20,790 --> 00:01:22,660
well as the Log Analytics agent,

23
00:01:22,660 --> 00:01:27,080
which enables the machine to not only be monitored with

24
00:01:27,080 --> 00:01:29,440
Azure Log Analytics and Azure Monitor,

25
00:01:29,440 --> 00:01:33,280
but you'll find that just about all of the Azure management solutions

26
00:01:33,280 --> 00:01:37,810
including Azure Automation and Update Management and runbooks and

27
00:01:37,810 --> 00:01:42,300
those services also have a dependency on that Log Analytics agent as

28
00:01:42,300 --> 00:01:46,250
well. If you're thinking, okay, well, what about my data center machines?

29
00:01:46,250 --> 00:01:48,390
We want to be careful about the internet

30
00:01:48,390 --> 00:01:51,800
endpoints that they're connected to. Check the exercise files

31
00:01:51,800 --> 00:01:54,000
because I give you a link of the ports,

32
00:01:54,000 --> 00:01:56,150
protocols and endpoints that are required.

33
00:01:56,150 --> 00:01:57,250
But it's not too bad.

34
00:01:57,250 --> 00:02:02,010
Mainly the biggest concern is that your Azure Arc enabled servers will send

35
00:02:02,010 --> 00:02:05,090
heartbeat messages, but notice that the interval isn't crazy,

36
00:02:05,090 --> 00:02:09,420
it's every five minutes and we're going on a firewall-friendly port and

37
00:02:09,420 --> 00:02:14,530
protocol, TCP 443, and your traffic is encrypted with TLS.

38
00:02:14,530 --> 00:02:15,810
Okay, fine.

39
00:02:15,810 --> 00:02:21,050
So you can manage off-cloud machines in Azure. What does that give you?

40
00:02:21,050 --> 00:02:25,210
Well, it unlocks some of the core governance that's available

41
00:02:25,210 --> 00:02:29,000
in Azure Resource Manager, like Azure Policy, where you can put

42
00:02:29,000 --> 00:02:31,760
what I call guardrails on your environment,

43
00:02:31,760 --> 00:02:35,620
you can include vulnerability scanning recommendations,

44
00:02:35,620 --> 00:02:38,980
alerts with Microsoft Defender for Cloud and Azure

45
00:02:38,980 --> 00:02:42,260
Sentinel. We can run Azure Automation

46
00:02:42,260 --> 00:02:46,560
runbooks or hosted scripts on those Azure Arc enabled servers.

47
00:02:46,560 --> 00:02:50,860
We can deliver virtual machine extensions to those machines

48
00:02:50,860 --> 00:02:53,650
and just have Azure Monitor monitoring.

49
00:02:53,650 --> 00:02:57,930
Bottom line is you might be really impressed with the capabilities,

50
00:02:57,930 --> 00:03:00,980
the governance capabilities of Azure Resource Manager.

51
00:03:00,980 --> 00:03:03,700
Wouldn't it be nice if we could use some of the

52
00:03:03,700 --> 00:03:09,570
ARM governance tools off cloud? That is the value proposition of Azure Arc. Now,

53
00:03:09,570 --> 00:03:12,780
you'll find that Azure Arc doesn't unlock all ARM

54
00:03:12,780 --> 00:03:20,000
capabilities. That's going to be reserved for your Azure VMs, but this is a pretty good start, I think you'd agree.