Choosing the right Azure Arc service for machines

Azure Arc offers different services based on your existing IT infrastructure and management needs. Before onboarding your resources to Azure Arc-enabled servers, you should investigate the different Azure Arc offerings to determine which best suits your requirements. Choosing the right Azure Arc service provides the best possible inventorying and management of your resources.

There are several different ways you can connect your existing Windows and Linux machines to Azure Arc:

  • Azure Arc-enabled servers

  • Azure Local

Each of these services extends the Azure control plane to your existing infrastructure and enables the use of Azure security, governance, and management capabilities through the Connected Machine agent. Services other than Azure Arc-enabled servers also use an Azure Arc resource bridge, a part of the core Azure Arc platform that provides self-service VM operations and additional management capabilities.

General recommendations about the right service to use are as follows:

If your machine is a...        ...connect to Azure with...
Azure Local machine            Azure Local
Physical server                Azure Arc-enabled servers
VM on another hypervisor       Azure Arc-enabled servers
VM on another cloud provider   Azure Arc-enabled servers

If you're unsure which of these services to use, start with Azure Arc-enabled servers and add a resource bridge for additional management capabilities later. Azure Arc-enabled servers can connect every type of machine the other services support and provides a wide range of capabilities, such as Azure Policy and monitoring; adding a resource bridge later extends those capabilities further (for example, VM lifecycle operations and self-service provisioning).

Region availability also varies between Azure Arc services, so you may need to use Azure Arc-enabled servers if a more specialized version of Azure Arc is unavailable in your preferred region. See Azure Products by Region to learn more about region availability for Azure Arc services.

Where your machine runs determines the best Azure Arc service to use. Organizations with diverse infrastructure may end up using more than one Azure Arc service; that is expected. The core set of features remains the same no matter which Azure Arc service you use.

Azure Arc-enabled servers

Azure Arc-enabled servers lets you manage Windows and Linux physical servers and virtual machines hosted outside of Azure, whether on your corporate network or in another cloud provider. Once a machine is connected to Azure Arc-enabled servers, you can perform many of the same operational functions you would on a native Azure virtual machine.

Capabilities

  • Govern: Assign Azure Machine Configuration (formerly Azure Automanage machine configuration) assignments to audit settings within the machine. See the Azure Policy pricing guide to understand the associated costs.

  • Protect: Safeguard non-Azure servers with Microsoft Defender for Endpoint, integrated through Microsoft Defender for Cloud. This includes threat detection, vulnerability management, and proactive security monitoring. Use Microsoft Sentinel to collect security events from the machine and correlate them with other data sources.

  • Configure: Use Azure Automation to run management tasks as PowerShell and Python runbooks. Use Change Tracking and Inventory to assess configuration changes. Use Azure Update Manager to manage OS updates. Perform post-deployment configuration and automation tasks using the VM extensions supported on Azure Arc-enabled servers.

  • Monitor: Use VM insights to monitor OS performance and discover application components. Collect log data, such as performance counters and events, through the Azure Monitor agent (the legacy Log Analytics agent is retired), storing it in a Log Analytics workspace.

  • Procure Extended Security Updates (ESUs) at scale for your Windows Server 2012 and 2012 R2 machines connected to Azure Arc.

Important

Azure Arc-enabled VMware vSphere and Azure Arc-enabled SCVMM have all the capabilities of Azure Arc-enabled servers, but also provide specific, additional capabilities.
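The capabilities above all depend on the Connected Machine agent first being installed and connected. The following PowerShell script, added here as an illustration and not taken from the Azure documentation, onboards one Windows Server to Azure Arc-enabled servers with a service principal and then verifies the connection. All identifiers in it (subscription, tenant, resource group, service principal, region, tags) are placeholder assumptions to replace; the secret is read from an environment variable so it never lands in the script or its logs, and the service principal should hold only the Azure Connected Machine Onboarding role on the target resource group.

```powershell
# Added example (not from the Azure docs): onboard a Windows Server to
# Azure Arc-enabled servers with the Connected Machine agent, then verify it.
# Every identifier below is a placeholder assumption; replace before use.

$ErrorActionPreference = 'Stop'

# Placeholder identifiers (assumptions, not real values)
$SubscriptionId     = '00000000-0000-0000-0000-000000000000'
$TenantId           = '00000000-0000-0000-0000-000000000000'
$ResourceGroup      = 'rg-arc-onprem'
$Location           = 'eastus'
$ServicePrincipalId = '00000000-0000-0000-0000-000000000000'

# The onboarding secret comes from the environment, never from the script body.
# The service principal only needs the "Azure Connected Machine Onboarding"
# role scoped to $ResourceGroup (least privilege for onboarding).
$ServicePrincipalSecret = $env:ARC_SP_SECRET
if (-not $ServicePrincipalSecret) {
    throw 'Set the ARC_SP_SECRET environment variable before running.'
}

# 1. Install the Connected Machine agent if it is not already present.
$agent = 'C:\Program Files\AzureConnectedMachineAgent\azcmagent.exe'
if (-not (Test-Path $agent)) {
    $msi = Join-Path $env:TEMP 'AzureConnectedMachineAgent.msi'
    Invoke-WebRequest -UseBasicParsing -Uri 'https://aka.ms/AzureConnectedMachineAgent' -OutFile $msi
    Start-Process msiexec.exe -Wait -ArgumentList @(
        '/i', $msi,
        '/l*v', (Join-Path $env:TEMP 'azcmagent-install.log'),
        '/qn'
    )
}

# 2. Confirm outbound connectivity to the Arc endpoints for the chosen region
#    before attempting to connect (fails fast on proxy/firewall problems).
& $agent check --location $Location

# 3. Connect the machine. The tags record the decision from the table on this
#    page (physical server -> Arc-enabled servers) so inventory can be
#    filtered by hosting platform later.
& $agent connect `
    --service-principal-id     $ServicePrincipalId `
    --service-principal-secret $ServicePrincipalSecret `
    --resource-group           $ResourceGroup `
    --tenant-id                $TenantId `
    --location                 $Location `
    --subscription-id          $SubscriptionId `
    --tags                     'Platform=PhysicalServer,ArcService=ArcEnabledServers'

# 4. Verify: the agent should report a Connected status and the Azure
#    resource ID the machine now maps to. Extensions, Machine Configuration
#    assignments, and Defender for Cloud onboarding can be applied from here.
& $agent show
```

Run the script in an elevated PowerShell session on the target machine. On a Linux machine the same `azcmagent check`, `connect`, and `show` steps apply once the agent package is installed with the distribution's package manager.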

Azure Local

Azure Local (formerly Azure Stack HCI) is a hyperconverged infrastructure operating system delivered as an Azure service. It is a hybrid solution designed to host virtualized Windows and Linux VMs or containerized workloads and their storage. Azure Local runs on validated hardware and connects on-premises estates to Azure, enabling cloud-based services, monitoring, and management. This lets customers manage their infrastructure from Azure while running virtualized workloads on-premises, making it easier to consolidate aging infrastructure and connect it to Azure.

Note

Azure Local comes with the Azure Arc resource bridge installed and uses the Azure Arc control plane for infrastructure and workload management, allowing you to monitor, update, and secure your Azure Local infrastructure from the Azure portal.

Capabilities

  • Deploy and manage workloads, including VMs and Kubernetes clusters from Azure through the Azure Arc resource bridge.

  • Manage VM lifecycle operations such as start, stop, and delete from the Azure control plane.

  • Manage Kubernetes lifecycle operations such as scale, update, upgrade, and delete clusters from the Azure control plane.

  • Install the Azure Connected Machine agent and the Azure Arc-enabled Kubernetes agent on your VMs and Kubernetes clusters to use Azure services (for example, Azure Monitor and Microsoft Defender for Cloud).

  • Leverage Azure Virtual Desktop for Azure Local to deploy session hosts on to your on-premises infrastructure to better meet your performance or data locality requirements.

  • Empower developers and application teams to self-serve VM and Kubernetes cluster operations on demand using Azure role-based access control (RBAC).

  • Monitor, update, and secure your Azure Local infrastructure and workloads across fleets of locations directly from the Azure portal.

  • Deploy and manage static and DHCP-based logical networks on-premises to host your workloads.

  • VM image management with Azure Marketplace integration, plus the ability to bring your own images from an Azure storage account or from cluster shared volumes.

  • Create and manage storage paths to store your VM disks and config files.

Capabilities at a glance

The following table provides a quick way to see the major capabilities of the Azure Arc services described above that connect your existing Windows and Linux machines to Azure Arc. The last three rows are resource bridge functions, which is why Azure Arc-enabled servers on its own does not provide them.

Capability                                   Arc-enabled servers   Azure Local
Microsoft Defender for Cloud                 Yes                   Yes
Microsoft Sentinel                           Yes                   Yes
Azure Automation                             Yes                   Yes
Azure Update Manager                         Yes                   Yes
VM extensions                                Yes                   Yes
Azure Monitor                                Yes                   Yes
Discover & onboard VMs to Azure              No                    Yes
Lifecycle operations (start/stop VMs, etc.)  No                    Yes
Self-serve VM provisioning                   No                    Yes