1 00:00:01,140 --> 00:00:04,340 [Autogenerated] Azure Arc-enabled servers. 2 00:00:04,340 --> 00:00:09,230 Azure Arc is a pretty big deal and I found it's misunderstood by many people. 3 00:00:09,230 --> 00:00:11,640 So let's straighten it out right now. 4 00:00:11,640 --> 00:00:17,260 Azure Arc is actually a multifaceted service that goes beyond just servers. 5 00:00:17,260 --> 00:00:21,550 You can also use it with databases and Kubernetes clusters, 6 00:00:21,550 --> 00:00:27,120 but we're concerned for AZ-800 only with Azure Arc-enabled servers, and what 7 00:00:27,120 --> 00:00:31,840 this does is it extends Azure Resource Manager governance 8 00:00:31,840 --> 00:00:36,020 to off-Azure systems, and by off-Azure I mean Windows Server 9 00:00:36,020 --> 00:00:40,410 machines that may be in other clouds like Google Cloud or Amazon Web 10 00:00:40,410 --> 00:00:43,830 Services, or maybe in your local data centers. 11 00:00:43,830 --> 00:00:47,240 These can be physical or virtual Windows Server machines. 12 00:00:47,240 --> 00:00:50,870 Now, of course, Linux is also in scope in the real world, 13 00:00:50,870 --> 00:00:53,990 but we're not dealing with the Linux side of the equation for 14 00:00:53,990 --> 00:00:58,840 AZ-800. In order to onboard an off-cloud Windows server to 15 00:00:58,840 --> 00:01:01,260 become an Azure Arc-enabled server, 16 00:01:01,260 --> 00:01:05,840 you need to install what's called the Connected Machine agent. Now note that 17 00:01:05,840 --> 00:01:08,980 this agent is separate from the Log Analytics agents.
18 00:01:08,980 --> 00:01:12,550 So if you really want your off-cloud Windows servers to be 19 00:01:12,550 --> 00:01:14,640 as integrated with Azure as possible, 20 00:01:14,640 --> 00:01:17,380 you'll want to make sure to install both the Connected 21 00:01:17,380 --> 00:01:20,790 Machine agent to bring the machine into Arc governance as 22 00:01:20,790 --> 00:01:22,660 well as the Log Analytics agent, 23 00:01:22,660 --> 00:01:27,080 which enables the machine to not only be monitored with 24 00:01:27,080 --> 00:01:29,440 Azure Log Analytics and Azure Monitor, 25 00:01:29,440 --> 00:01:33,280 but you'll find that just about all of the Azure management solutions, 26 00:01:33,280 --> 00:01:37,810 including Azure Automation and Update Management and runbooks and 27 00:01:37,810 --> 00:01:42,300 those services, also have a dependency on that Log Analytics agent as 28 00:01:42,300 --> 00:01:46,250 well. If you're thinking, okay, well, what about my data center machines? 29 00:01:46,250 --> 00:01:48,390 We want to be careful about the internet 30 00:01:48,390 --> 00:01:51,800 endpoints that they're connected to. Check the exercise files 31 00:01:51,800 --> 00:01:54,000 because I give you a link of the ports, 32 00:01:54,000 --> 00:01:56,150 protocols and endpoints that are required. 33 00:01:56,150 --> 00:01:57,250 But it's not too bad. 34 00:01:57,250 --> 00:02:02,010 Mainly the biggest concern is that your Azure Arc-enabled servers will send 35 00:02:02,010 --> 00:02:05,090 heartbeat messages, but notice that the interval isn't crazy, 36 00:02:05,090 --> 00:02:09,420 it's every five minutes, and we're going on a firewall-friendly port and 37 00:02:09,420 --> 00:02:14,530 protocol, TCP 443, and your traffic is encrypted with TLS. 38 00:02:14,530 --> 00:02:15,810 Okay, fine. 39 00:02:15,810 --> 00:02:21,050 So you can manage off-cloud machines in Azure, what does that give you? 40 00:02:21,050 --> 00:02:25,210 Well, it unlocks some of the core governance that's available
41 00:02:25,210 --> 00:02:29,000 in Azure Resource Manager, like Azure Policy, where you can put 42 00:02:29,000 --> 00:02:31,760 what I call guardrails on your environment. 43 00:02:31,760 --> 00:02:35,620 You can include vulnerability scanning recommendations, 44 00:02:35,620 --> 00:02:38,980 alerts with Microsoft Defender for Cloud and Azure 45 00:02:38,980 --> 00:02:42,260 Sentinel. We can run Azure Automation 46 00:02:42,260 --> 00:02:46,560 runbooks or hosted scripts on those Azure Arc-enabled servers. 47 00:02:46,560 --> 00:02:50,860 We can deliver virtual machine extensions to those machines 48 00:02:50,860 --> 00:02:53,650 and just have Azure Monitor monitoring. 49 00:02:53,650 --> 00:02:57,930 Bottom line is you might be really impressed with the capabilities, 50 00:02:57,930 --> 00:03:00,980 the governance capabilities of Azure Resource Manager. 51 00:03:00,980 --> 00:03:03,700 Wouldn't it be nice if we could use some of the 52 00:03:03,700 --> 00:03:09,570 ARM governance tools off cloud? That is the value proposition of Azure Arc. Now, 53 00:03:09,570 --> 00:03:12,780 you'll find that Azure Arc doesn't unlock all ARM 54 00:03:12,780 --> 00:03:20,000 capabilities. That's going to be reserved for your Azure VMs, but this is a pretty good start, I think you'd agree.